10534d8491014aae0272e45ad4d26e90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10534d8491014aae0272e45ad4d26e90_JaffaCakes118
Size

130KB
MD5

10534d8491014aae0272e45ad4d26e90
SHA1

dd9a7bd7ba0f6c797b416b397bcf24d5f5dbe89f
SHA256

0870dcdd0b936b722de257962fad710002947dea4a44aed7ebb7054c290caf6d
SHA512

23d8a198e8ec591212c8733d6a014353f977fa8bd9a7cf7c126b165b378d170dd77c0d570e0bc44557cdc9670e8a322a0bbdebe94aece8499cb097a637746c29
SSDEEP

3072:6jm+WSyOUNaU5DyCmqyk0mV/9sWrRxQkQ:6jm+4Nagmc0mHNWz

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10534d8491014aae0272e45ad4d26e90_JaffaCakes118

Files

10534d8491014aae0272e45ad4d26e90_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2177b2d4c7bafaa0bb632399cea8abb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
HeapAlloc
lstrcmpiA
EnterCriticalSection
GetVersionExA
CreateDirectoryA
GetFileAttributesA
GetWindowsDirectoryA
HeapCreate
InitializeCriticalSection
CopyFileA
GetModuleFileNameA
HeapDestroy
DeleteCriticalSection
GetLocalTime
MultiByteToWideChar
DeleteFileA
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
GetProcAddress
ReleaseMutex
WriteFile
SetFilePointer
WideCharToMultiByte
GetLastError
LeaveCriticalSection
RtlUnwind
ReadFile
GetFileSize
LoadLibraryA
CreateMutexA
FreeLibrary
HeapReAlloc
Sleep
GetTickCount
GetThreadLocale
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
CreateFileA
GetFileTime
FileTimeToSystemTime
lstrcmpA
CloseHandle
lstrcatA
FindResourceA
SizeofResource
LoadResource
LockResource
lstrlenA
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
lstrcpynA
HeapFree
HeapValidate
lstrlenW
SetEndOfFile
GetProcessHeap

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

comctl32

gdi32

GetObjectA
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectA
GetStockObject

ole32

CoTaskMemFree
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA
ExtractAssociatedIconA
Shell_NotifyIconA
SHAppBarMessage

urlmon

URLDownloadToCacheFileA

user32

RegisterClassExA
SetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetSysColor
CallWindowProcA
SetFocus
IsChild
GetFocus
ReleaseDC
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRgn
EnableWindow
GetActiveWindow
DialogBoxParamA
EndDialog
GetDlgItemTextA
PostMessageA
LoadStringA
DestroyIcon
TrackPopupMenuEx
SetForegroundWindow
GetSubMenu
LoadMenuA
SetDlgItemTextA
CheckDlgButton
SetWindowRgn
UpdateWindow
EnumWindows
LoadCursorA
GetClassInfoExA
GetWindow
CharUpperBuffA
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowPos
CharLowerBuffA
PeekMessageA
GetMessageA
GetCursorPos
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
MessageBoxA
ShowWindow
KillTimer
GetDC
InvalidateRect
LoadIconA
SendMessageA
GetDlgItem
SetTimer
CreateDialogParamA
IsWindow
IsWindowVisible
BeginPaint
EndPaint
DestroyWindow
PostQuitMessage
GetClientRect
FillRect
IsDialogMessageA
RegisterWindowMessageA
GetWindowLongA
IsDlgButtonChecked
IsWindowEnabled
CharNextA
wsprintfA
DispatchMessageA
TranslateMessage
GetParent

wininet

DeleteUrlCacheEntry

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2177b2d4c7bafaa0bb632399cea8abb

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

ole32

oleaut32

shell32

urlmon

user32

wininet

Sections

UPX0 Size: 120KB - Virtual size: 120KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 4KB - Virtual size: 8KB