f6707d3a04317e24d9af88a2bfe6b664_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6707d3a04317e24d9af88a2bfe6b664_JaffaCakes118
Size

136KB
MD5

f6707d3a04317e24d9af88a2bfe6b664
SHA1

ec987754c19f621ae36f9a46cee9ae0a9180b044
SHA256

13ccc1c4cdc28ca962c2c5d0d4166a8e4ee6980217b7bbed9e1adb7c57f147d6
SHA512

dd76bb6ad68e956d3f8d9cbe8bac5969ab6f159eac092b8939d0af54a5f74b799fed963276ec95754738c14587feb0a53fc417f6b4f3b4a3e46d14249e2241b0
SSDEEP

3072:bC6KWYAnqoPxPJtGErovs2OUVzz4J+DA7dgCTGK310ur7n18MCaPEHJ6w9:O6K3kBPJ4uoElwz4J+M7dgK9r7n1J/PK

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6707d3a04317e24d9af88a2bfe6b664_JaffaCakes118

Files

f6707d3a04317e24d9af88a2bfe6b664_JaffaCakes118
.exe windows:5 windows x86 arch:x86

75ddfc7ddb7add840bd57bd74a27eccd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

shutdown.pdb

Imports

user32

SetFocus
MessageBoxW
ExitWindowsEx
RegisterClipboardFormatW
DialogBoxParamW
SetWindowTextW
GetDlgCtrlID
SetWindowLongW
CheckDlgButton
EnableWindow
IsDlgButtonChecked
wsprintfW
GetClassNameW
LoadStringW
WinHelpW
CallWindowProcW
EndDialog
GetWindowTextLengthW
GetDlgItem
GetWindowTextW
SendMessageW

ole32

CoCreateInstance
CoUninitialize
ReleaseStgMedium
CoInitialize

ntdll

NtInitiatePowerAction
_wtoi
DbgPrint
wcsncat
_chkstk
swprintf
_wcsicmp
wcscpy
wcscat
wcsncmp
wcsstr
NtPowerInformation
RtlAdjustPrivilege
wcslen
wcsncpy
RtlNtStatusToDosError

msvcrt

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3

advapi32

RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
LookupAccountSidW
RegDeleteValueW
ReportEventW
RegSetValueExW
DeregisterEventSource
RegCloseKey
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegConnectRegistryW
InitiateSystemShutdownExW
AbortSystemShutdownW
RegQueryValueExA
RegOpenKeyExA

kernel32

LocalFree
lstrcmpW
lstrcpynW
WriteFile
LoadLibraryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetConsoleCtrlHandler
GetEnvironmentVariableW
GlobalLock
GlobalUnlock
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
GetModuleHandleW
FormatMessageW
GetCurrentThread
GetLastError
GetCurrentProcess
GetStdHandle
lstrlenW
GetFileType
GetConsoleMode
WriteConsoleW
LocalAlloc
GetConsoleOutputCP
WideCharToMultiByte
lstrlenA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

75ddfc7ddb7add840bd57bd74a27eccd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ole32

ntdll

msvcrt

advapi32

kernel32

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

.UPX0
Size: 108KB - Virtual size: 260KB