d3d8a153129711abf4028f8ba6d02908_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3d8a153129711abf4028f8ba6d02908_JaffaCakes118
Size

134KB
MD5

d3d8a153129711abf4028f8ba6d02908
SHA1

2f376c17469289eff861ee3cb4895f23a0040708
SHA256

071d2173f3b13169a6181eee4ca9c8d780512b55a2c76002dc47e279edfd525d
SHA512

bac9381532834dc07a068b4bff4dee1346554c8dce40bed65cc51fc64385bc996d731d302aa6f97f169259376f0d3899bb2750f0174e807082931030ccc1e1df
SSDEEP

3072:u0RUPvOx0WkhaJTU2Jfwxflosdd4F+4SkdSys/yuEy6egtsPAnfw4U:utvu0DhadjfwxlDddi+5cpuR6RNfw4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d8a153129711abf4028f8ba6d02908_JaffaCakes118

Files

d3d8a153129711abf4028f8ba6d02908_JaffaCakes118
.exe windows:5 windows x86 arch:x86

732b737a6448e5b4b50f8527d2b10b83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_abnormal_termination
_mbsnbicmp
_mbsnbcmp
wcsncmp
_mbsncmp
_mbslwr
isspace
_mbsnicmp
setlocale
_vsnprintf
_iob
fprintf
_snprintf
_pctype
_ismbcspace
wcscmp
_mbsnextc
memmove
_mbsdec
_mbsicmp
wcsrchr
wcscpy
wcslen
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_mbctoupper
_mbctolower
_mbscpy
_mbslen
_mbscmp
strchr
wcschr
_ismbblead
_mbsinc
_mbsrchr
_wcsnicmp
_mbschr

advapi32

RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA

kernel32

SetFilePointer
SetErrorMode
FindFirstFileA
CreateMutexA
InterlockedIncrement
InterlockedExchange
RaiseException
lstrcpyA
lstrlenA
CloseHandle
ReadFile
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetPrivateProfileStringA
GetWindowsDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetLastError
WriteFile
WritePrivateProfileStringA
MoveFileA
CopyFileA
DeleteFileA
GetDriveTypeA
GetLogicalDrives
GetSystemDirectoryA
GetProcAddress
GetLastError
LoadLibraryExA
GetCommandLineA
SetCurrentDirectoryA
HeapFree
FreeLibrary
GetModuleFileNameA
GetProcessHeap
DeviceIoControl
Thread32Next
ResumeThread
SuspendThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThreadId
Sleep
SetThreadPriority
GetCurrentThread
LoadLibraryA
LocalFree
LocalAlloc
GetModuleHandleA
GetStartupInfoA
FindClose
lstrcpynA
IsDBCSLeadByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
FindNextFileA
RemoveDirectoryA
GetCurrentDirectoryA
OutputDebugStringA
FormatMessageA
CreateEventA
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
HeapAlloc
ExitProcess
GlobalAlloc
WideCharToMultiByte
GetThreadLocale
SetThreadLocale
CreateProcessA
WaitForMultipleObjects
SetEvent
TerminateProcess
WaitForSingleObject
OpenEventA
OpenFileMappingA

user32

GetKeyboardType
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
wsprintfA
MessageBoxA
CharLowerA
CharLowerW

setupapi

SetupOpenLog
SetupLogErrorA
SetupCloseLog
SetupCloseInfFile
SetupOpenInfFileA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 100KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

732b737a6448e5b4b50f8527d2b10b83

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

setupapi

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.UPX0 Size: 100KB - Virtual size: 244KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.UPX0
Size: 100KB - Virtual size: 244KB