ea76da127b0541b2d3563f2d0b71f836_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea76da127b0541b2d3563f2d0b71f836_JaffaCakes118
Size

248KB
MD5

ea76da127b0541b2d3563f2d0b71f836
SHA1

37c6382324e1dafa82df04946ce27bf9538a9297
SHA256

b025b30ed5ce6a07b60f2bb4510571a33a09cc78f502ae8a02097da0b046ad14
SHA512

ae37acafb655fd3c3de5572c91a8a84846666d942af7e0046f13e70b9b825e969b102e96309de5872367786c5dc3b325c1ddcecd5ff663716afe525635d275ec
SSDEEP

3072:NsjSpy0bShLy8gXvzJ9k8a/o3zQaBRQhynHa3Ifl5V2j9zyRjOHbGE3Zq8yjibjT:Nsjl0bu+NxjxBRQhyHJfCyR6HsIC/kD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea76da127b0541b2d3563f2d0b71f836_JaffaCakes118

Files

ea76da127b0541b2d3563f2d0b71f836_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mobsync.pdb

Imports

msvcrt

__argc
__argv
toupper
_ftol
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
strncpy
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcscmp
_except_handler3

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegEnumKeyA
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
GetUserNameA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken

kernel32

LocalReAlloc
GetStartupInfoA
GetModuleHandleA
lstrcpynA
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
CloseHandle
GetLastError
SetEvent
FormatMessageW
InitializeCriticalSection
CreateThread
GetCurrentProcess
SetEnvironmentVariableW
GetCurrentThread
GetSystemDefaultLangID
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedExchange
MultiByteToWideChar
lstrlenA
DuplicateHandle
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
LocalAlloc
LocalFree
TerminateThread
WideCharToMultiByte
GetUserDefaultLCID
AreFileApisANSI
IsBadReadPtr
SetLastError
LoadLibraryA
LoadLibraryW
CreateEventA
CreateEventW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
FormatMessageA

gdi32

SetTextColor
GetTextExtentPointW
GetTextExtentPointA
CreateFontIndirectW
CreateFontIndirectA
SetBkColor
SelectObject
RestoreDC
DeleteObject
GetObjectA
SaveDC

user32

RegisterWindowMessageA
WinHelpW
WinHelpA
SetWindowTextW
SetWindowTextA
FindWindowW
FindWindowA
AttachThreadInput
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetMessageA
wsprintfW
DestroyWindow
PostQuitMessage
SetWindowLongA
GetWindowLongA
LoadCursorA
LoadIconA
DefDlgProcA
DefDlgProcW
SendMessageA
SetFocus
EnableWindow
GetFocus
IsWindowEnabled
GetDlgItem
UpdateWindow
SetForegroundWindow
ShowWindow
SystemParametersInfoA
GetClientRect
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetWindowRect
DrawAnimatedRects
EndPaint
DrawIcon
BeginPaint
InvalidateRect
SetTimer
KillTimer
IsWindowVisible
DrawFocusRect
FillRect
GetSysColor
ReleaseDC
SetRect
GetDC
RedrawWindow
CallWindowProcW
SetCursor
GetParent
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
DefWindowProcA
DefWindowProcW
LoadStringA
LoadStringW
FindWindowExW
RegisterWindowMessageW
CreateWindowExA
CreateWindowExW
CreateDialogParamA
CreateDialogParamW
RegisterClassA
RegisterClassW
MessageBoxA
MessageBoxW
SendMessageW
DrawTextA
DrawTextW
FindWindowExA

ole32

CoRegisterClassObject
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoRevokeClassObject
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ImageList_Create
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx

mobsync

RegGetSchedConnectionName
RegSetUserDefaults
RegGetSyncSettings
RegGetHandlerTopLevelKey
RegSchedHandlerItemsChecked
RegQueryLoadHandlerOnEvent
RegGetHandlerRegistrationInfo
RegGetSyncItemSettings
RegRemoveManualSyncSettings
RegSetSyncItemSettings
RegSetProgressDetailsState
RegGetProgressDetailsState
MobsyncGetClassObject
DisplayOptions
RegGetSchedSyncSettings

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ole32

comctl32

mobsync

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 53KB - Virtual size: 52KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 53KB - Virtual size: 52KB

.UPX0
Size: 108KB - Virtual size: 260KB