fea644e5e1b211b700d1da272c5ed585_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fea644e5e1b211b700d1da272c5ed585_JaffaCakes118
Size

275KB
MD5

fea644e5e1b211b700d1da272c5ed585
SHA1

8d5cbcabba7226a6bbac8dafa2a75f1cc48ad19f
SHA256

646b03dffc66ba88ea0bb03c9d469d72531dc3029a1b6b5ab8c8903df08d7166
SHA512

29265f17e8959254ab00122e9d918dc4f9ef0ac02b8a196731c85fc0be3943b5beb17a28f0e9e37cb33105cc77646260de84bba80f27070f53be40cdb95f8084
SSDEEP

6144:R7TuhcOXRWQDPEmeUevmL/J8LHs9KgTp4JXZlLL5f8:puXXRWQDPXLx8LHmyJX/L5k

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fea644e5e1b211b700d1da272c5ed585_JaffaCakes118

Files

fea644e5e1b211b700d1da272c5ed585_JaffaCakes118
.exe windows:5 windows x86 arch:x86

62eff7372d5dd753b9ee333f0f3b453c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SYSCORE4\BUILD\SYSCore\release\mfevtps.pdb

Imports

psapi

GetModuleInformation
GetMappedFileNameW
EnumProcessModules

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorDacl
GetTokenInformation
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
InitializeSecurityDescriptor
SetServiceObjectSecurity
RegOpenKeyW
RegCreateKeyExW

sfc

SfcIsFileProtected

kernel32

EnterCriticalSection
CreateEventW
SetEvent
CloseHandle
CreateThread
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetCurrentThread
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetFileAttributesExW
GetSystemWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetVersion
GetVersionExW
OpenProcess
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetFilePointer
WriteFile
ReadFile
VirtualProtect
IsBadReadPtr
SetLastError
GetModuleHandleW
GetModuleFileNameW
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
LeaveCriticalSection
TlsAlloc
TlsSetValue
TlsGetValue
TerminateProcess
FindFirstFileW
DebugBreak
HeapAlloc
HeapFree
RaiseException
GetVersionExA
HeapReAlloc
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
OutputDebugStringA
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
WaitForSingleObject
DeviceIoControl
GetLastError
FindClose
GetCurrentThreadId
GetStdHandle

ntdll

_wcsnicmp

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62eff7372d5dd753b9ee333f0f3b453c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

advapi32

sfc

kernel32

ntdll

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 26KB - Virtual size: 34KB

.bldvar Size: 512B - Virtual size: 19B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 26KB - Virtual size: 34KB

.bldvar
Size: 512B - Virtual size: 19B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

UPX0
Size: 144KB - Virtual size: 380KB