db2cc70364a13c3e10789a53043371f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db2cc70364a13c3e10789a53043371f3_JaffaCakes118
Size

169KB
MD5

db2cc70364a13c3e10789a53043371f3
SHA1

7d5c1ecbe541f916c3b1f657ed300c08a0977d93
SHA256

64c68894407ec425ba179815d44b567b02a72056d8e79d9223062e0a60ea3b3a
SHA512

fd2f379e711164ae70d463417d7c72ddc850ec73221d045d68db06620bedf74d633d8f238507a77915514271231d870450147bf22b2f5061c68a9c354bca1070
SSDEEP

3072:3wfYejIjqK2aqW/MH+IW5wy+4dlQq+OQ3sr4A8nsVw02MBYXDcP1E:3wgZjqK2rMMFfy+UlH9QcBw02YYXDUS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/3/psih.safe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/loader_00400000.Embedded01.DLL
unpack001/1/loader_00400000.Embedded01.SYS
unpack001/2/counter.exe
unpack001/3/psih.safe
unpack002/out.upx
unpack001/3/unpacked_.safe
unpack001/4/decrypted.ex_
unpack001/4/hui.ex1

Files

db2cc70364a13c3e10789a53043371f3_JaffaCakes118
.zip

Password: infected
1/loader_00400000.Embedded01.DLL
.dll windows:4 windows x86 arch:x86

900c9669feee613ef80c817b40208f76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
memcmp
_adjust_fdiv
malloc
_initterm
free
fgets
fopen
fwrite
fclose
memset
srand
strcmp
memcpy
sprintf
rand
atoi
strcpy
strncmp
strcat
strncpy
strlen

ws2_32

WSAStartup
gethostname
send
inet_ntoa
setsockopt
connect
shutdown
inet_addr
gethostbyname
socket
select
recv
closesocket
ntohs
htons
sendto
ioctlsocket

user32

TranslateMessage
DispatchMessageA
wsprintfA
GetMessageA

kernel32

SystemTimeToFileTime
GlobalFree
GlobalAlloc
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetTimeFormatA
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
DeleteFileA
GetDateFormatA
GetTimeZoneInformation
GetLocalTime
GetFileAttributesA
lstrcpynA
lstrcatA
lstrcpyA
ExpandEnvironmentStringsA
CreateThread
ExitThread

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

Exports

Exports

_DllMain@12
load

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/loader_00400000.Embedded01.SYS
.sys windows:5 windows x86 arch:x86

7012fc35bbc20eb530e8d5b4f3464409

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePoolWithTag
RtlAppendUnicodeToString
memcpy
memset
ExAllocatePoolWithTag
_except_handler3
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
ProbeForRead
ExGetPreviousMode
toupper
KeReleaseMutex
KeWaitForSingleObject
RtlFreeUnicodeString
RtlCopyUnicodeString
MmIsAddressValid
RtlInitUnicodeString
ZwEnumerateKey
KeServiceDescriptorTable
NtBuildNumber
RtlAppendUnicodeStringToString
ObReferenceObjectByName
IoDriverObjectType
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
IofCompleteRequest
KeInitializeMutex
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 768B - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2/counter.exe
.exe windows:4 windows x86 arch:x86

9956cc60357f0c1d796990249a6c11b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
ReadFile
ExitThread
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateThread
Sleep
CloseHandle

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3/psih.safe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

BSS
Size: - Virtual size: 48KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3/unpacked_.safe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

BSS
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 906B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 493B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4/decrypted.ex_
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4/hui.ex1
.exe windows:4 windows x86 arch:x86

55af718db654c00f9af3a14073f28599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
ShowWindow
SetTimer
GetMessageA
RegisterClassExA
PostQuitMessage
LoadImageA
LoadIconA
LoadCursorA
KillTimer
GetClientRect
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA
UpdateWindow
BeginPaint

kernel32

GetCommandLineA
VirtualFree
VirtualAlloc
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleA
ExitProcess

gdi32

GetObjectA
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

900c9669feee613ef80c817b40208f76

Headers

File Characteristics

Imports

msvcrt

ws2_32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 1KB

7012fc35bbc20eb530e8d5b4f3464409

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 640B - Virtual size: 516B

.data Size: 256B - Virtual size: 184B

INIT Size: 1024B - Virtual size: 926B

.reloc Size: 768B - Virtual size: 682B

9956cc60357f0c1d796990249a6c11b3

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 512B - Virtual size: 430B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 240B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 72KB

UPX1 Size: 23KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

BSS Size: - Virtual size: 48KB

CODE Size: 2KB - Virtual size: 1KB

DATA Size: 23KB - Virtual size: 22KB

.idata Size: 1024B - Virtual size: 906B

.rdata Size: 512B - Virtual size: 493B

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

BSS Size: 48KB - Virtual size: 48KB

CODE Size: 1KB - Virtual size: 1KB

DATA Size: 22KB - Virtual size: 22KB

.idata Size: 906B - Virtual size: 906B

.rdata Size: 493B - Virtual size: 493B

.rsrc Size: 2KB - Virtual size: 2KB

.mackt Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 512B - Virtual size: 108B

.reloc Size: 512B - Virtual size: 72B

55af718db654c00f9af3a14073f28599

Headers

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 640B - Virtual size: 516B

.data
Size: 256B - Virtual size: 184B

INIT
Size: 1024B - Virtual size: 926B

.reloc
Size: 768B - Virtual size: 682B

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 512B - Virtual size: 430B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 240B

UPX0
Size: - Virtual size: 72KB

UPX1
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 48KB

CODE
Size: 2KB - Virtual size: 1KB

DATA
Size: 23KB - Virtual size: 22KB

.idata
Size: 1024B - Virtual size: 906B

.rdata
Size: 512B - Virtual size: 493B

.rsrc
Size: 2KB - Virtual size: 2KB

BSS
Size: 48KB - Virtual size: 48KB

CODE
Size: 1KB - Virtual size: 1KB

DATA
Size: 22KB - Virtual size: 22KB

.idata
Size: 906B - Virtual size: 906B

.rdata
Size: 493B - Virtual size: 493B

.rsrc
Size: 2KB - Virtual size: 2KB

.mackt
Size: 4KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 512B - Virtual size: 108B

.reloc
Size: 512B - Virtual size: 72B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 842B

.data
Size: 512B - Virtual size: 48B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 512B - Virtual size: 208B