eaa81bed96f3aad54f4b52ec1c92f0ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eaa81bed96f3aad54f4b52ec1c92f0ba_JaffaCakes118
Size

268KB
MD5

eaa81bed96f3aad54f4b52ec1c92f0ba
SHA1

d9907002dcd119a28cf7cda3a5679831798e8aee
SHA256

a70bdf6caeac4aef4b3e2be02105725c0d693480991a282dffb0732dafc0c410
SHA512

b8ee5871f9eff0424e71e7642d917caca893b7addfe457206c8e839e081d1e64e6d86a122f9a36948f6d8f14cb7462178879d9e09c53facde4412c5133db21b6
SSDEEP

6144:0h86/aYGRsygdxtJHYpZSbaht6V4SwxazePFOQZUUpWr:0hdaYOgjYpZSba76V4jOeXZur

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaa81bed96f3aad54f4b52ec1c92f0ba_JaffaCakes118

Files

eaa81bed96f3aad54f4b52ec1c92f0ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0ea07573bbf17bbb45a584f096eafac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
GetModuleHandleA
GetProcAddress

user32

GetForegroundWindow
wsprintfW
CharUpperW

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

imagehlp

FindFileInPath
ImageLoad
SymGetLineNext64
SymEnumerateSymbolsW
SymGetLineFromName64
SymEnumerateSymbols
SymEnumerateModules64
UnMapAndLoad
UpdateDebugInfoFile
MakeSureDirectoryPathExists
ImageRvaToVa
SymGetSymPrev64
ImageDirectoryEntryToDataEx
SymGetLineFromAddr64

admparse

DllMain
IsAdmDirty
ResetAdmDirtyFlag
AdmSaveData

Sections

UPX1
Size: 1024B - Virtual size: 945B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vg
Size: 1024B - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gzmtb
Size: 1KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kCEYOG
Size: 2KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tQd
Size: 4KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 91KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Xiwcux
Size: 4KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 126KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qGo
Size: 2KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ea07573bbf17bbb45a584f096eafac

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

imagehlp

admparse

Sections

UPX1 Size: 1024B - Virtual size: 945B

.Vg Size: 1024B - Virtual size: 192KB

.gzmtb Size: 1KB - Virtual size: 168KB

.text Size: 17KB - Virtual size: 17KB

.kCEYOG Size: 2KB - Virtual size: 469KB

.rdata Size: 3KB - Virtual size: 14KB

.tQd Size: 4KB - Virtual size: 921KB

.edata Size: 91KB - Virtual size: 161KB

.Xiwcux Size: 4KB - Virtual size: 239KB

.data Size: 7KB - Virtual size: 340KB

.edata Size: 126KB - Virtual size: 181KB

.qGo Size: 2KB - Virtual size: 357KB

.rsrc Size: 5KB - Virtual size: 4KB

UPX1
Size: 1024B - Virtual size: 945B

.Vg
Size: 1024B - Virtual size: 192KB

.gzmtb
Size: 1KB - Virtual size: 168KB

.text
Size: 17KB - Virtual size: 17KB

.kCEYOG
Size: 2KB - Virtual size: 469KB

.rdata
Size: 3KB - Virtual size: 14KB

.tQd
Size: 4KB - Virtual size: 921KB

.edata
Size: 91KB - Virtual size: 161KB

.Xiwcux
Size: 4KB - Virtual size: 239KB

.data
Size: 7KB - Virtual size: 340KB

.edata
Size: 126KB - Virtual size: 181KB

.qGo
Size: 2KB - Virtual size: 357KB

.rsrc
Size: 5KB - Virtual size: 4KB