12282083e3f92be08e6722ffaee0ea30_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

12282083e3f92be08e6722ffaee0ea30_JaffaCakes118
Size

462KB
MD5

12282083e3f92be08e6722ffaee0ea30
SHA1

1354a40c069223d0faf1f6689a3e535482059c09
SHA256

02a2c477b7f7dc047996af9f216b48bf98c9bfcf9c5d864538cacb2aaaead001
SHA512

6a76b71788a05c413d670a15bd394323799e6cff3597550ff997440ab8bf1cafd533c49fa426f6fdb940f648536b0010d4fff75c29e3d2c31000307bdd752a8a
SSDEEP

3072:989NjmC3TvNj00OUGJkV6idifp1J4x/DZMhgniqcA:98bmC3TvQUYJ4xqfh

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12282083e3f92be08e6722ffaee0ea30_JaffaCakes118

Files

12282083e3f92be08e6722ffaee0ea30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c02305cd3f776a21cd9bfa6500d78843

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetWindowsDirectoryA
GetUserDefaultLangID
ReadFile
CreateDirectoryA
GetProcAddress
CopyFileA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
OpenProcess
TerminateProcess
lstrcatA
MultiByteToWideChar
GetCommandLineA
GlobalAlloc
GetLastError
GlobalFree
CreateMutexA
GetCurrentThreadId
DeleteFileA
lstrlenA
WaitForSingleObject
SetEvent
CreateEventA
GetFileAttributesA
LocalAlloc
LocalFree
GetLocaleInfoA
SetFilePointer
CreateFileA
lstrcpyA
CloseHandle
ReleaseMutex
GetLocalTime
ExpandEnvironmentStringsA
SystemTimeToFileTime
ExitProcess
CompareStringW
CompareStringA
RtlUnwind
HeapSize
VirtualQuery
GetSystemInfo
VirtualProtect
LoadLibraryA
FlushFileBuffers
GetCurrentProcessId
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
GetCurrentProcess
SetStdHandle
GetStdHandle
SetHandleCount
SetEndOfFile
GetTimeZoneInformation
WideCharToMultiByte
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
Sleep
SetEnvironmentVariableA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

gdi32

CreateFontIndirectA
DeleteObject
CreateFontA
CreateSolidBrush
GetObjectA
GetDeviceCaps
GetStockObject
SetTextColor
SetBkColor
GetTextMetricsA

ole32

CoCreateInstance
CoInitialize

rasapi32

RasGetProjectionInfoA
RasEnumDevicesA
RasDeleteEntryA
RasSetEntryPropertiesA
RasDialA
RasHangUpA
RasGetErrorStringA
RasEnumConnectionsA
RasGetConnectStatusA

shell32

SHChangeNotify
ShellExecuteA
ShellExecuteExA
SHFileOperationA

user32

DispatchMessageA
LoadAcceleratorsA
SetWindowsHookExA
TranslateAcceleratorA
GetScrollInfo
SetWindowLongA
TranslateMessage
SetFocus
CharUpperA
CallNextHookEx
GetMessageA
GetScrollPos
FindWindowA
GetWindowThreadProcessId
LoadIconA
LoadCursorA
RegisterClassA
GetClientRect
CreateWindowExA
DefFrameProcA
DefWindowProcA
DefDlgProcA
DefMDIChildProcA
GetMenu
EnableMenuItem
SendMessageTimeoutA
IsWindow
IsWindowVisible
PostMessageA
EnumChildWindows
GetDesktopWindow
GetWindowTextA
UpdateWindow
SendMessageA
MoveWindow
DialogBoxParamA
SetWindowTextA
GetSystemMetrics
UnhookWindowsHookEx
DestroyWindow
GetActiveWindow
SetTimer
GetWindowRect
KillTimer
GetParent
GetDC
MessageBoxA
GetWindowLongA
ReleaseDC
GetDlgItem
EndDialog
GetSysColor
SetWindowPos
ShowWindow

wininet

InternetOpenA
HttpSendRequestA
InternetSetStatusCallback
HttpEndRequestA
InternetGetConnectedState
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetReadFileExA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
InternetCanonicalizeUrlA
InternetCloseHandle

ws2_32

WSASocketA
WSASendTo
WSAEnumProtocolsA

Sections

UPX0
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c02305cd3f776a21cd9bfa6500d78843

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

rasapi32

shell32

user32

wininet

ws2_32

Sections

UPX0 Size: 440KB - Virtual size: 440KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 440KB - Virtual size: 440KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 4KB - Virtual size: 8KB