df8c888cdcfa63d9acdaec9a07028613_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df8c888cdcfa63d9acdaec9a07028613_JaffaCakes118
Size

1.5MB
MD5

df8c888cdcfa63d9acdaec9a07028613
SHA1

5f1133c259e2f446c1b9e3d43e4244c8c46f60d2
SHA256

1e1292a3e7ad1edb9306dc9043d94c8d7101e0af80a792f04a33fa92674594c8
SHA512

144be910c2425748651d78ea46989ec24cd767fba5453bf0940f9defa50e5086900670b592a195e2f23623e2c97ec4a25ad79ef7913917778c017c524540dfe0
SSDEEP

49152:4fyK4mxC3nxEVwGZ1ORV0yIOhP4rsoQkNoIe:4aK49xmwBn0yIOVFlr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Injector.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AOSHax.dll
unpack001/Injector.exe
unpack002/out.upx

Files

df8c888cdcfa63d9acdaec9a07028613_JaffaCakes118
.zip
AOSHax.dll
.dll windows:6 windows x86 arch:x86

9e61e7a8a57ffb6945e89acbc451d073

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\artem\Desktop\hax\gmod\Free-The-Skids-master\Release\aoshax.pdb

Imports

kernel32

HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
GlobalAlloc
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
VirtualQuery
SetConsoleTextAttribute
GetStdHandle
GetModuleHandleA
MultiByteToWideChar
GetFileAttributesA
K32GetModuleInformation
CreateThread
GetConsoleWindow
VirtualAlloc
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
VirtualFree

user32

SetClipboardData
ShowWindow
CallWindowProcA
GetClipboardData
CloseClipboard
OpenClipboard
GetAsyncKeyState
EmptyClipboard
SetCursorPos
FindWindowW
SetWindowLongW
GetKeyState
ClientToScreen
SetCursor
GetClientRect

imm32

ImmGetContext
ImmSetCompositionWindow

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
_Strxfrm
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_To_wide
_Close_dir
_Open_dir
_Read_dir
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

vcruntime140

__std_exception_copy
strstr
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
memset
__CxxFrameHandler3
memchr
__std_type_info_compare
memmove
memcpy
__std_exception_destroy
__std_terminate
strchr

api-ms-win-crt-stdio-l1-1-0

ungetc
_fseeki64
fgetpos
fopen
fputc
rewind
setvbuf
fsetpos
_get_stream_buffer_pointers
fwrite
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
__stdio_common_vfprintf
fseek
fclose
fflush
__acrt_iob_func
ftell
fgetc

api-ms-win-crt-string-l1-1-0

isprint
isspace
isblank
_stricmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
_errno
_crt_atexit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_wassert

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wmkdir
_splitpath

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_dtest
_libm_sse2_pow_precise
_except1
_dsign
_libm_sse2_sin_precise
floor
_libm_sse2_sqrt_precise
_CIfmod
_libm_sse2_tan_precise
ceil
_CIatan2

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtod
mbstowcs

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Injector.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
urbanichkacfgaoshax.aos

Sharing

General

Malware Config

Signatures

Files

9e61e7a8a57ffb6945e89acbc451d073

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 496KB - Virtual size: 496KB

.rdata Size: 419KB - Virtual size: 419KB

.data Size: 11KB - Virtual size: 69KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 31KB - Virtual size: 30KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.3MB

UPX1 Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 16KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 735KB - Virtual size: 735KB

.data Size: 52KB - Virtual size: 244KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 237KB - Virtual size: 237KB

.text
Size: 496KB - Virtual size: 496KB

.rdata
Size: 419KB - Virtual size: 419KB

.data
Size: 11KB - Virtual size: 69KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 31KB - Virtual size: 30KB

UPX0
Size: - Virtual size: 2.3MB

UPX1
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 735KB - Virtual size: 735KB

.data
Size: 52KB - Virtual size: 244KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 237KB - Virtual size: 237KB