0e17087c7a36147e9fd6aed115ea4770_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e17087c7a36147e9fd6aed115ea4770_JaffaCakes118
Size

1.1MB
MD5

0e17087c7a36147e9fd6aed115ea4770
SHA1

3d6bbe8163a48e051f32b4a20c16b33f9a51d8aa
SHA256

c852003b7434025ca62d1f470c327fee2187614d5f3fb746e7a066953edb9127
SHA512

43c90e3a8a0bc64c100bd9bc1689171be1786e26ea5ce65ea66768f4e52486d5f03d9a52ca1171ad7356632e4e415c349d7a961740aa55822005630326b31e70
SSDEEP

12288:SD7YTD5nvaThd0yWi+V5B+Wa/EmY7eNt1N8Iu:SfYTD5niThdeGEkT

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e17087c7a36147e9fd6aed115ea4770_JaffaCakes118

Files

0e17087c7a36147e9fd6aed115ea4770_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92afa4ea53a8d09060ddaa865530eaba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_37

D3DXLoadMeshFromXInMemory
D3DXVec3TransformCoord
D3DXQuaternionRotationMatrix
D3DXVec3Normalize
D3DXMatrixInverse
D3DXQuaternionMultiply
D3DXCreateEffect
D3DXMatrixRotationQuaternion
D3DXMatrixLookAtLH
D3DXMatrixOrthoOffCenterLH
D3DXCreateEffectFromResourceW
D3DXMatrixPerspectiveFovLH
D3DXMatrixTransformation2D
D3DXCreateFontW
D3DXGetFVFVertexSize
D3DXComputeBoundingSphere
D3DXMatrixTranslation
D3DXMatrixRotationY
D3DXMatrixRotationX
D3DXCreateTextureFromResourceW
D3DXCreateSprite
D3DXLoadMeshFromXResource
D3DXComputeNormals
D3DXMatrixMultiply

kernel32

SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
SetThreadExecutionState
Sleep
GetLastError
GetModuleFileNameW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
lstrlenW
GetVersionExA
GetFileAttributesW
ExpandEnvironmentStringsW
WriteFile
CreateDirectoryW
ReadFile
CreateFileW
GetModuleFileNameA
GetStdHandle
GetOEMCP
GetACP
GetCPInfo
WriteConsoleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
RtlUnwind
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
LoadLibraryA
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
CreateFileA
IsDebuggerPresent

user32

GetForegroundWindow
SetCursorPos
PtInRect
SetCapture
ReleaseCapture
DialogBoxIndirectParamW
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
EnableWindow
EndDialog
SetWindowTextW
LoadIconW
SetDlgItemTextW
SystemParametersInfoA
EnumDisplaySettingsW
GetMonitorInfoW
PeekMessageW
TranslateAcceleratorW
DispatchMessageW
DestroyAcceleratorTable
LoadCursorW
RegisterClassW
SetRect
CreateWindowExW
ScreenToClient
DestroyMenu
DestroyWindow
UnregisterClassW
GetCursorPos
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetMenu
GetWindowPlacement
GetMenu
SetWindowPlacement
IsIconic
AdjustWindowRect
IsZoomed
IsWindowVisible
ShowWindow
PostQuitMessage
SetCursor
GetClassLongW
GetWindowRect
ClipCursor
SendMessageW
GetSystemMetrics
MessageBoxW
GetClientRect
SystemParametersInfoW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetIconInfo
GetDC
ReleaseDC
SetWindowPos
TranslateMessage

gdi32

GetStockObject
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
GetDIBits
GetObjectW

shell32

SHGetFolderPathW
CommandLineToArgvW
ExtractIconW
ShellExecuteW

comctl32

ord17

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92afa4ea53a8d09060ddaa865530eaba

Headers

File Characteristics

Imports

d3dx9_37

kernel32

user32

gdi32

shell32

comctl32

Sections

.text Size: 184KB - Virtual size: 181KB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 572KB - Virtual size: 569KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 184KB - Virtual size: 181KB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 572KB - Virtual size: 569KB

.UPX0
Size: 108KB - Virtual size: 260KB