d4fc7af6b10ac2bd9a182e5d7776f158_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4fc7af6b10ac2bd9a182e5d7776f158_JaffaCakes118
Size

260KB
MD5

d4fc7af6b10ac2bd9a182e5d7776f158
SHA1

2e9df47592a85bc5622185329f2d640828ea0b57
SHA256

8fce24fc26d5e1a1daa280172eaf7d7ec68f7a7ee49bdb1a9018fe084d8d8e39
SHA512

391cd944ffd5667d31470f9201b639cbe710c9358ccd5e9e487e5f0bec36b19588c1d3cbfcdb7b1a00ffc67d7dbd51fda615c5fb345dbd9ef46a48a736fed01b
SSDEEP

6144:KrRHTcvzzjmSAllRWYdQgjKfQwbpiT+jaggI1esZ:KRHMzjHAnsmV6nb4jAZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4fc7af6b10ac2bd9a182e5d7776f158_JaffaCakes118

Files

d4fc7af6b10ac2bd9a182e5d7776f158_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55d7072335ea318882ca277cf7d77050

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
CreateMutexW
GetProcAddress

user32

GetSystemMetrics
SetWindowLongW
GetSysColorBrush
SetTimer
mouse_event
InvalidateRgn
SetDlgItemTextW
SetCursorPos
GetCapture
LoadBitmapA
UpdateLayeredWindow
GetClassInfoA
DefWindowProcW
GetMenuItemID
InsertMenuA
PostMessageA
SetDlgItemTextA
ShowWindow
CreateDialogParamA
WaitMessage
TrackPopupMenu
CheckMenuItem
CreateMenu
FindWindowW
InvalidateRect
SetCapture
RegisterClassA
CharNextW
CharPrevA
GetClassInfoExW
EndMenu
CreateDialogIndirectParamW
GetCaretPos
LoadMenuIndirectW
MessageBoxA
GetMenuStringA
MessageBoxIndirectA
InsertMenuItemA

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

resutils

ResUtilGetProperty
ResUtilGetPropertiesToParameterBlock
ResUtilVerifyService
ResUtilGetDwordProperty
ResUtilSetPrivatePropertyList
ResUtilGetDwordValue
ResUtilSetExpandSzValue
ResUtilGetBinaryProperty
ResUtilTerminateServiceProcessFromResDll
ResUtilFindLongProperty
ResUtilGetSzValue

gdi32

CreateHatchBrush
SetWinMetaFileBits
GetMetaFileW
CreateMetaFileW
AddFontResourceW
CreateFontIndirectA
CreatePolyPolygonRgn
SetEnhMetaFileBits
GetStockObject
GetRasterizerCaps

dssec

DSCreateISecurityInfoObject

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 96KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 3KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 4KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55d7072335ea318882ca277cf7d77050

Headers

File Characteristics

Imports

kernel32

user32

advapi32

resutils

gdi32

dssec

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 48KB

.text Size: 4KB - Virtual size: 447KB

.edata Size: 96KB - Virtual size: 186KB

CODE Size: 3KB - Virtual size: 363KB

.data Size: 7KB - Virtual size: 262KB

.edata Size: 121KB - Virtual size: 155KB

UPX0 Size: 4KB - Virtual size: 490KB

.rdata Size: 512B - Virtual size: 229KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 48KB

.text
Size: 4KB - Virtual size: 447KB

.edata
Size: 96KB - Virtual size: 186KB

CODE
Size: 3KB - Virtual size: 363KB

.data
Size: 7KB - Virtual size: 262KB

.edata
Size: 121KB - Virtual size: 155KB

UPX0
Size: 4KB - Virtual size: 490KB

.rdata
Size: 512B - Virtual size: 229KB

.rsrc
Size: 1KB - Virtual size: 1KB