de16c1d7677d139f0ec358529e0321d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de16c1d7677d139f0ec358529e0321d1_JaffaCakes118
Size

3.6MB
MD5

de16c1d7677d139f0ec358529e0321d1
SHA1

da2b94de769acb97674ff9f81898572318a8e860
SHA256

5374d18344f00afb5f3ef4b624ad4fb77d7eef4d735b74f19174847e88ddb1fd
SHA512

7cea20458f63ca8100bc9268986b13d0eaf1db3744f3b6ef5c4b62c28e2a03ace5dda140d9a7380ed60abc64ca7ffaf19eb2ed2de45a54f34698b7fcc8110ea8
SSDEEP

24576:Vf8YdSOk4DqHNg50Lhp9PEPVwsW+ibQzU5PcDdzOASH7QfonE2OlfbUIM1eRmcuh:ndhGry98PIdzcH29z2WDud1d46gkLr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de16c1d7677d139f0ec358529e0321d1_JaffaCakes118

Files

de16c1d7677d139f0ec358529e0321d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1bf17e1ea1b522b507381a43a182382

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

winmm

mmioDescend
mmioOpenA
mmioAscend
mmioRead
mmioClose
mmioSeek
mmioSetInfo
mmioGetInfo
mmioAdvance
timeGetTime

kernel32

Beep
GlobalLock
GlobalAlloc
LoadResource
FindResourceA
LoadLibraryA
LockResource
FreeResource
GetCurrentProcessId
GetVolumeInformationA
GetDriveTypeA
GetModuleFileNameA
SetUnhandledExceptionFilter
SetFilePointer
GlobalUnlock
lstrcpyA
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
GetCurrentThread
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
CreateDirectoryA
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
MulDiv
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CloseHandle
GetVersionExA
GetProcAddress
FreeLibrary
GetTickCount
WaitForSingleObject
Sleep
OutputDebugStringA
GetCurrentProcess
CreateFileA
SetHandleCount
SetEnvironmentVariableA
LCMapStringA
FlushFileBuffers
HeapSize
RaiseException
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
RtlUnwind
SetEndOfFile
GetVersion
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetSystemTimeAsFileTime
MoveFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetLocalTime
LCMapStringW
GetStdHandle
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitProcess
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
GetLocaleInfoA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileW
UnmapViewOfFile
SetStdHandle
WinExec
GetFullPathNameA
lstrcmpiA
GetSystemInfo
IsProcessorFeaturePresent
GetProcessHeap
DeleteFileA
GetCurrentDirectoryA
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsValidCodePage
IsBadReadPtr
GetLocaleInfoW
IsBadCodePtr
ReadFile
GetFileType
GetUserDefaultLCID
EnumSystemLocalesA

user32

SetWindowPos
MessageBoxA
GetCursorPos
DispatchMessageA
PeekMessageA
ClientToScreen
GetKeyState
ToAscii
GetKeyboardState
GetAsyncKeyState
wsprintfA
GetSysColor
ScreenToClient
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDC
ReleaseDC
GetWindowRect
GetClientRect
GetClipboardData
SetWindowLongA
PostQuitMessage
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
SetCursor
LoadCursorA
RegisterClassA
SetRect
AdjustWindowRect
CreateWindowExA
ShowWindow
UpdateWindow
wvsprintfA
LoadStringA
GetDesktopWindow
DialogBoxParamA
GetDlgItem
SendMessageA
IsDlgButtonChecked
EndDialog
EnableWindow
CheckDlgButton
SetCursorPos
SetMenu
GetWindowLongA

gdi32

DeleteObject
CreateDIBSection
GetTextMetricsA
GetStockObject
GetDeviceCaps
DeleteDC
TextOutA
GetCharABCWidthsA
GetCharWidth32A
GetKerningPairsA
GetOutlineTextMetricsA
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectA
CreateCompatibleDC
SetTextAlign
GetTextExtentPoint32A

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegCloseKey

shell32

ShellExecuteExA

dinput8

DirectInput8Create

wsock32

accept
inet_ntoa
htonl
ntohl
select
__WSAFDIsSet
gethostbyname
send
getpeername
connect
htons
setsockopt
recv
closesocket
ntohs
socket
WSAStartup

d3d9

Direct3DCreate9

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 32.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.const2
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1bf17e1ea1b522b507381a43a182382

Headers

File Characteristics

Imports

dsound

winmm

kernel32

user32

gdi32

advapi32

shell32

dinput8

wsock32

d3d9

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 1.4MB - Virtual size: 32.6MB

.const2 Size: 4KB - Virtual size: 176B

.rsrc Size: 12KB - Virtual size: 10KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 1.4MB - Virtual size: 32.6MB

.const2
Size: 4KB - Virtual size: 176B

.rsrc
Size: 12KB - Virtual size: 10KB

.UPX0
Size: 104KB - Virtual size: 252KB