d17bbce5929637239e6156f824b4cc7e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d17bbce5929637239e6156f824b4cc7e_JaffaCakes118
Size

194KB
MD5

d17bbce5929637239e6156f824b4cc7e
SHA1

3d3c900054544618e64a3605d1b2f4f352a905a4
SHA256

59438d47c7000f130acdab610733cc4375e110481066b597b897e8b25208948e
SHA512

c84159e1bb2e24b55d489e6ecd245a7cf5e23be4a86b5c4c00b61adc3f8405c35fa9f135c71a3f94142d78ea4f1d34808597745b50286320ce31e44f9e925656
SSDEEP

3072:BuZr/0AqHEeotD5yJB768l/TF4+qOzrrUuI2IRL:DAumDd8ZFzdU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17bbce5929637239e6156f824b4cc7e_JaffaCakes118

Files

d17bbce5929637239e6156f824b4cc7e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f736aea8ad876fa2c01c0bc608678c71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
GetACP
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
WritePrivateProfileStringA
GlobalFlags
SetLastError
GetVersion
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
LocalFree
GetLocalTime
GetTickCount
GetSystemDirectoryA
GetPrivateProfileStringA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA

advapi32

RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

comctl32

gdi32

PtVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetDeviceCaps
RectVisible
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

user32

MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetSysColor
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
CharNextA
MessageBoxA
PostQuitMessage
PostMessageA
GetMenuItemCount
wsprintfA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RegisterWindowMessageA
LoadStringA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
GetWindowTextA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f736aea8ad876fa2c01c0bc608678c71

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

ole32

oleaut32

user32

winspool.drv

Exports

Exports

Sections

UPX0 Size: 184KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 8KB

.avc Size: 5KB - Virtual size: 8KB

UPX0
Size: 184KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avc
Size: 5KB - Virtual size: 8KB