fc81a0c3c24270bdba2561beb6cc3bb9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fc81a0c3c24270bdba2561beb6cc3bb9_JaffaCakes118
Size

189KB
MD5

fc81a0c3c24270bdba2561beb6cc3bb9
SHA1

38cee2101ef22ebf9dd2babd75f5d547801e8db5
SHA256

ebb621a56eeda49d42756a45c67bb574e24d4364e1f9219c8e9f2ad8cea92496
SHA512

b1a248e58336c898cf1216628e864f94dd14bf5d44e7f9b9e1e8131246b624d5663a04ded931d3fc2507e894a7912886eabea7a28bf0056934cd52eabbc9ab11
SSDEEP

3072:GvNirQr2OrelD/D/uTWu1wb70I6CFIBEbchImEjftyODf7vE6ZoON:XtweVunM7XRMXETtY6Ow

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc81a0c3c24270bdba2561beb6cc3bb9_JaffaCakes118

Files

fc81a0c3c24270bdba2561beb6cc3bb9_JaffaCakes118
.exe windows:2 windows x86 arch:x86

8e96622940c5c21968d880746dfd6663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
OutputDebugStringW
OutputDebugStringA
lstrlenW
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
SetLastError
lstrcmpiW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
ReleaseMutex
SetEvent
Sleep
CreateMutexA
WaitForMultipleObjects
CreateEventA
CreateFileA
CreateProcessA
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
GlobalFree
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GlobalAlloc
GetLastError
WaitForSingleObject
GetConsoleMode
SetFilePointer
InterlockedIncrement
GetCPInfo
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
ExitProcess
VirtualFree
HeapCreate
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsSetValue
VirtualAlloc
GetSystemTime

user32

CharNextW
IsWindow
PostMessageW
CharUpperW

winspool.drv

GetPrinterW
GetPrinterDataW
EnumPrintersW
GetPrinterDriverW
EnumPrinterDriversW
ClosePrinter
XcvDataW
OpenPrinterW
SetPrinterW
EnumPortsW

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
IsTextUnicode

ole32

CoCreateInstance
CoUninitialize
CoGetObject
StringFromGUID2

shlwapi

StrToIntExW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

cmutil

GetOSVersion

tapi32

lineBlindTransfer
lineBlindTransferW
internalCreateDefLocation
lineAddToConference
lineGetIconW
lineSetQueueMeasurementPeriod
MMCAddProvider
phoneGetHookSwitch
lineGetCountryA
lineHandoff
lineCompleteCall
lineSetAgentMeasurementPeriod
MMCGetLineInfo
lineGetProviderListA
lineGatherDigitsA
lineConfigDialogEditA
lineGetAddressStatusA
phoneConfigDialog
lineGetStatusMessages
phoneGetIconW
phoneGetID
lineInitializeExW
phoneGetDevCapsW
MMCGetDeviceFlags
lineGetAddressCapsW
MMCGetProviderList
lineGetAgentCapsW
phoneSetRing
lineParkA
MMCGetPhoneInfo
lineRemoveFromConference
lineInitialize
lineGatherDigitsW
lineGenerateDigitsA
phoneSetVolume
LocWizardDlgProc
lineTranslateDialog
tapiGetLocationInfoW
lineGetAgentGroupListW
phoneGetIDW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e96622940c5c21968d880746dfd6663

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

ole32

shlwapi

setupapi

cmutil

tapi32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 4KB

UPX0 Size: 3KB - Virtual size: 31KB

UPX1 Size: 512B - Virtual size: 15KB

.data Size: 140KB - Virtual size: 281KB

UPX2 Size: 512B - Virtual size: 49KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 4KB

UPX0
Size: 3KB - Virtual size: 31KB

UPX1
Size: 512B - Virtual size: 15KB

.data
Size: 140KB - Virtual size: 281KB

UPX2
Size: 512B - Virtual size: 49KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 8KB