d6776eeeae6c523568f27fe6e7a20e68_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6776eeeae6c523568f27fe6e7a20e68_JaffaCakes118
Size

2.3MB
MD5

d6776eeeae6c523568f27fe6e7a20e68
SHA1

bbcd38cccee2bbc11d3a9ae8520449ddc6674d5b
SHA256

aaf6806f32a94d0983fe4be86543379ac9aeb46d6e16c997c979fb226b8d3ce5
SHA512

9d9919e95eb6d4bdd130bc3d4e54c792b1d981a4ee78b8a30658b21c61d0e4cee0b43f83100608984d4c2ce3157966d6ae64ab375e978f279f0189b804e6b8ff
SSDEEP

49152:t5KqQZjGBXfqD9LBfLhc7BcfgUAzE8xjud1vqWH:tAqQ1UfYLh0cfgVjuvN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6776eeeae6c523568f27fe6e7a20e68_JaffaCakes118

Files

d6776eeeae6c523568f27fe6e7a20e68_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17bf1efdbd89e31009bfeadd314f0d23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetTickCount
FindClose
FindFirstFileA
CloseHandle
CreateFileA
WriteFile
SetFilePointer
GetVolumeInformationA
GetDriveTypeA
GetLocalTime
GetLastError
CreateMutexA
SetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
CreateDirectoryA
DeleteFileA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeA
IsBadCodePtr
GetEnvironmentStringsW
IsBadReadPtr
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
ReadFile
HeapSize
HeapAlloc
GetEnvironmentStrings
GetProcAddress
SetUnhandledExceptionFilter
RaiseException
HeapFree
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetVersion
GetFullPathNameA
GetCurrentDirectoryA
GetModuleHandleA
TerminateProcess
ExitProcess
GetCurrentProcess
GetTimeZoneInformation
lstrcpyA
GetSystemTime
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
VirtualFree
VirtualAlloc
HeapDestroy
IsBadWritePtr
HeapCreate

user32

SetRect
SetCursor
ShowCursor
MessageBoxA
MessageBeep
LoadStringA
SetClassLongA
LoadIconA

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

winmm

timeGetTime

ls3df

?Identity@S_matrix@@QAGXXZ
?Make@S_quat@@QAGXABUS_matrix@@@Z
?SetDir@S_matrix@@QAGXABUS_vector@@@Z
?GetUScale@S_matrix@@QBGMXZ
?RotateByNormMatrix@S_vector@@QBG?AU1@ABUS_matrix@@@Z
ISndGetDriver
TEV
?SetRot@S_matrix@@QAGXABUS_quat@@@Z
??XS_matrix@@QAGAAU0@ABU0@@Z
?UpdateHRBoundVolW@I3D_frame@@AAGXXZ
?IntersectionLine@S_plane@@QBG_NABU1@AAUS_vector@@1@Z
?RotateByMatrix@S_quat@@QBG?AU1@ABUS_matrix@@@Z
?Inverse@S_quat@@QBGXAAUS_vector@@AAM@Z
I3DGetDriver
dbgPrintf
?GetDir@S_quat@@QBG?AUS_vector@@XZ
?SetDir@S_quat@@QAGXABUS_vector@@M@Z
??DS_matrix@@QBG?AU0@ABU0@@Z
?SetDir3@S_matrix@@QAGXABUS_vector@@0@Z
?Make@S_quat@@QAGXABUS_vector@@M@Z
?RotationMatrix@S_quat@@QBG?AUS_matrix@@XZ
?AngleTo@S_vector@@QBGMABU1@@Z
?SetRot3@S_matrix@@QAGXABUS_quat@@@Z
?RotateByMatrix@S_vector@@QBG?AU1@ABUS_matrix@@@Z
??DS_vector@@QBG?AU0@ABUS_matrix@@@Z
?UpdateHRBoundVol@I3D_frame@@AAGXXZ
??XS_vector@@QAGAAU0@ABUS_matrix@@@Z
?Slerp@S_quat@@QBG?AU1@ABU1@M_N@Z
?UpdateWMatrixProc@I3D_frame@@AAEXXZ
?GetScale@S_matrix@@QBG?AUS_vector@@XZ
?Normalize@S_quat@@QAGXXZ
?Inverse@S_matrix@@QAG_NABU1@@Z
GetIGraph

ijoy

_CreateJoyBase@20

rw_data

_dtaSeek@12
_dtaRead@12
_dtaWrite@12
_dtaOpen@8
_dtaOpenWrite@8
_dtaClose@4
_dtaCreate@4
_dtaSetDtaFirstForce@0

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17bf1efdbd89e31009bfeadd314f0d23

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winmm

ls3df

ijoy

rw_data

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 64KB - Virtual size: 687KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 64KB - Virtual size: 687KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX0
Size: 104KB - Virtual size: 252KB