df4be1525d974450b799bf8882641638_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df4be1525d974450b799bf8882641638_JaffaCakes118
Size

323KB
MD5

df4be1525d974450b799bf8882641638
SHA1

fe4a6ed1454fec8b6be6d6ba4776d5aac85a011c
SHA256

e76ebf3008d0f457fa626f3a0082906512d64a389d5e3dfe0232a3c0c3ced7ea
SHA512

0416a61adda4fee406678296a13ea1789a50c3ed412bc3dca0eec97cb2506f6999e247d5540a9d95aaffe9fee02d9cfb8f1799cac953336d4746e74e7dd994a9
SSDEEP

6144:pXmBI/2Iw27oyQ1CzLjsH6MEkTBAzNd2sT6KrC8k2YnaiHg:pXmi/2IsyQQzfsHL/gLVrC8ynlHg

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Process View 5.2.15.1/Graphcontrol.dll	acprotect
static1/unpack001/Process View 5.2.15.1/Prcmon.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Process View 5.2.15.1/Graphcontrol.dll	upx
static1/unpack001/Process View 5.2.15.1/Prcmon.dll	upx
static1/unpack001/Process View 5.2.15.1/Prcview.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Process View 5.2.15.1/Graphcontrol.dll
unpack002/out.upx
unpack001/Process View 5.2.15.1/Prcmon.dll
unpack003/out.upx
unpack001/Process View 5.2.15.1/Prcview.exe
unpack004/out.upx
unpack001/Process View 5.2.15.1/Pv.exe

Files

df4be1525d974450b799bf8882641638_JaffaCakes118
.rar
Process View 5.2.15.1/Graphcontrol.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateGraphControl
GraphControlVersion
_CreateGraphControl@16
_GraphControlVersion@0

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Process View 5.2.15.1/Prcmon.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Check
DebugRun
Install
Run
SetProperty
Uninstall

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Process View 5.2.15.1/Prcview.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Process View 5.2.15.1/Prcview.hlp
Process View 5.2.15.1/Pv.exe
.exe windows:4 windows x86 arch:x86

64a773f8fc346e5470dd82cf7b43c605

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetVersion
CloseHandle
GetProcAddress
GetModuleHandleA
SetPriorityClass
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
WaitForMultipleObjectsEx
Sleep
GetCurrentProcess
LoadLibraryA
lstrcpyA
GetEnvironmentVariableA
GetPriorityClass
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
GetLastError
UnmapViewOfFile
lstrcpynA
MapViewOfFile
CreateFileMappingA
CreateFileA
lstrcmpiA
QueryPerformanceCounter
GetOEMCP
GetACP
HeapSize
SetStdHandle
ReadFile
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
HeapFree
HeapAlloc
SetEndOfFile
RtlUnwind
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
WriteFile
FlushFileBuffers
GetStringTypeA
GetStringTypeW
InterlockedExchange
VirtualQuery
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer

user32

GetWindowTextA
GetDesktopWindow
SendMessageA
SetForegroundWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
CharNextExA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Process View 5.2.15.1/Pv.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 34KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 208KB

UPX1 Size: 126KB - Virtual size: 128KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 12KB - Virtual size: 11KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 228KB

UPX1 Size: 120KB - Virtual size: 120KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 116KB - Virtual size: 116KB

64a773f8fc346e5470dd82cf7b43c605

Headers

File Characteristics

Imports

version

kernel32

user32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 34KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 208KB

UPX1
Size: 126KB - Virtual size: 128KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 12KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 228KB

UPX1
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 116KB - Virtual size: 116KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 9KB