d2fe73af9fff664e6d9efb6270c1b7eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2fe73af9fff664e6d9efb6270c1b7eb_JaffaCakes118
Size

191KB
MD5

d2fe73af9fff664e6d9efb6270c1b7eb
SHA1

6f897afa0e577f9a0edd2d6bcec6fc46f2d8f603
SHA256

3868ec8421e527cbfec0af206306cbd94d0f99d3af324a74dfe75f9b48c8ae9e
SHA512

9e4d49075e4a329ec6cc01516c42c451700d6d74b4806701efa6e84ca721d50bbe71d1d31028ebd03a4bb67ee5d710f795501434984cd2ed93b14fce0dbb459d
SSDEEP

3072:zhP0c/PituOFcJ8390tMmx1rekryvc9UHd4FisOp7lHq8cK0NpHsZNto60IOLHzd:zhPHHOFs8Jmx0koc9XsHHWmZjL0ImJRx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2fe73af9fff664e6d9efb6270c1b7eb_JaffaCakes118

Files

d2fe73af9fff664e6d9efb6270c1b7eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9300ecfb3712fda41b828b7ccf1ad2cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\outlook\x86\ship\0\scanost.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
__CxxFrameHandler3
??2@YAPAXI@Z
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
??3@YAXPAX@Z
realloc
??_U@YAPAXI@Z
memcpy
free
memmove
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
??_V@YAXPAX@Z

kernel32

FreeLibrary
LocalAlloc
RaiseException
LoadLibraryExW
GetSystemDirectoryW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualProtect
IsBadWritePtr
FormatMessageW
GetTickCount
CreateThread
CloseHandle
HeapDestroy
lstrlenA
OutputDebugStringA
GetModuleFileNameW
SetLastError
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
GetLastError

olmapi32

ord17
ord21
ord11
ord13
ord15
ord23
ord259
ord140

user32

GetSystemMetrics
SendMessageW
SetWindowPos
GetDlgCtrlID
RegisterClassExA
GetClassInfoExA
CreateWindowExW
GetMessagePos
wsprintfA
LoadCursorA
SetCursor
DefWindowProcA
CallWindowProcA
DestroyWindow
GetNextDlgTabItem
GetDlgItem
ShowWindow
CreateDialogParamW
DialogBoxParamW
LoadImageA
TranslateMessage
GetMessageA
PeekMessageA
EnableWindow
CheckRadioButton
IsDialogMessageA
PostQuitMessage
IsWindow
GetActiveWindow
LoadStringW
MessageBoxW
PostMessageA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
IsDlgButtonChecked
CheckDlgButton
GetWindowLongA
SetWindowLongA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
DispatchMessageA
MapWindowPoints
ScreenToClient

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9300ecfb3712fda41b828b7ccf1ad2cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

olmapi32

user32

advapi32

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: 144KB - Virtual size: 380KB