ea340d415cc97a5032d8a403636b14f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea340d415cc97a5032d8a403636b14f2_JaffaCakes118
Size

57KB
MD5

ea340d415cc97a5032d8a403636b14f2
SHA1

49e1c78cb099c81da0e03e2e17b51b60db3de839
SHA256

ab93385432311a75ea53411eed459b3a2a1c94eb6400422359ca04cb8565bf08
SHA512

69b346e9db1372a1c2253dbbe8c5091b2116a890b186d1fe23a650651db767c1f09c33aeb70765ffb9183736e4209c664bef8ab58f64bda8d3fe2d08e7ffd096
SSDEEP

768:Cgd8hOuZ1l0Sfp+IVvu2qDeu8UM+OkKNTLJEm103MbCKyjpO:vDu/vV22qDecMdTLJxG3MbCKyj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea340d415cc97a5032d8a403636b14f2_JaffaCakes118

Files

ea340d415cc97a5032d8a403636b14f2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9b80a36128f216b4e7517b5ef77f748f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
WriteFile
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
InterlockedIncrement
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
GetShortPathNameA
lstrlenW
MultiByteToWideChar
GetDiskFreeSpaceExA
MoveFileA
DeleteFileA
CloseHandle
HeapFree
CreateThread
WideCharToMultiByte
GetProcessHeap
CreateFileA
lstrlenA
GetTempPathA
WaitForSingleObject
GetExitCodeThread

gdi32

LPtoDP
CreateRectRgnIndirect
CreateDCA
GetDeviceCaps
RestoreDC
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_purecall
memcmp
memcpy
strcmp
time
srand
sprintf
strcat
wcscmp
_EH_prolog
__CxxFrameHandler
strcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
strlen
memset
strncpy

ole32

CoTaskMemFree
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
WriteClassStm

oleaut32

shell32

ShellExecuteA

user32

GetClassInfoExA
IsChild
GetFocus
EndPaint
LoadCursorA
BeginPaint
SetFocus
GetParent
RegisterClassExA
GetDC
SetWindowPos
PtInRect
MessageBoxA
EqualRect
IntersectRect
wsprintfA
UnionRect
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetWindowTextA
IsWindow
CreateWindowExA
PostMessageA
ReleaseDC
CharNextA
DefWindowProcA
ShowWindow
SetTimer
GetWindowTextA
SendMessageA
KillTimer
SetWindowRgn
OffsetRect
InvalidateRect
GetKeyState
DestroyWindow
GetClientRect

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b80a36128f216b4e7517b5ef77f748f

Headers

File Characteristics

Imports

kernel32

gdi32

msvcrt

ole32

oleaut32

shell32

user32

wininet

Exports

Exports

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 3KB - Virtual size: 4KB