543cc97fe8dc59ec25a190d50b341021_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

543cc97fe8dc59ec25a190d50b341021_JaffaCakes118
Size

1.1MB
MD5

543cc97fe8dc59ec25a190d50b341021
SHA1

40f9d58fc871eb18c58d3ea788aa05009ddba88c
SHA256

ab24fe77ccf21198a82b859265185400f8d67885c74cd1e69d8ca85f32f10fbe
SHA512

b0867185458b358794c07152ce364a3ebfbf47d413293f1985f9d4c42525e2aa3f3b332247f5e0b4a113a29a56905a513c95719e1279e4ed6e0fe0c405346c29
SSDEEP

24576:tarATx+lc81LP2NcdN6iaoG1B5JLnZNTtrVFzbqoc:tarflZ1L+sS5JLrTtr

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
543cc97fe8dc59ec25a190d50b341021_JaffaCakes118

Files

543cc97fe8dc59ec25a190d50b341021_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29f33ed7c8d4afe63f86b52dd8b66dab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

AngleArc
Arc
ArcTo
BitBlt
Chord
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EnumFontFamiliesA
ExtFloodFill
GetDeviceCaps
GetNearestColor
GetObjectA
GetPixel
GetStockObject
GetTextExtentPoint32A
LineTo
MoveToEx
Pie
PolyBezier
PolyBezierTo
Polygon
Polyline
PolylineTo
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetPixel
SetPixelV
SetROP2
SetTextColor
TextOutA

kernel32

AddAtomA
Beep
CloseHandle
CreateFileA
CreateFileMappingA
CreateMutexA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindAtomA
FindFirstFileA
FindNextFileA
FindResourceA
FlushViewOfFile
FreeLibrary
GetAtomNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLargestConsoleWindowSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStdHandle
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LockFile
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadProcessMemory
ReleaseSemaphore
RemoveDirectoryA
ScrollConsoleScreenBufferA
SetConsoleCursorPosition
SetConsoleMode
SetConsoleWindowInfo
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnmapViewOfFile
WaitForSingleObject
WinExec
WriteConsoleOutputA
WriteFile
WritePrivateProfileStringA
lstrcmpiA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_controlfp
_errno
_filelengthi64
_fileno
_fmode
_fpreset
_get_osfhandle
_iob
_isctype
_onexit
_pctype
_setmode
_stricmp
abort
atexit
calloc
exit
fclose
fflush
fgetpos
fgets
fopen
fprintf
fread
free
freopen
fsetpos
ftell
fwrite
malloc
mbstowcs
memcpy
memmove
memset
printf
rand
realloc
setvbuf
signal
sprintf
srand
strcat
strcmp
strcpy
strlen
strtod
toupper
wcslen
wcsncmp

ole32

CoTaskMemFree

psapi

GetModuleFileNameExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

user32

AppendMenuA
BeginPaint
BringWindowToTop
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawFocusRect
DrawMenuBar
DrawTextA
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumThreadWindows
FillRect
FindWindowA
FindWindowExA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetIconInfo
GetKeyState
GetMenu
GetMessageA
GetParent
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
InflateRect
InsertMenuA
InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapWindowPoints
MessageBoxA
ModifyMenuA
MoveWindow
PeekMessageA
PostMessageA
PostQuitMessage
RedrawWindow
RegisterClassA
RegisterClassExA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetParent
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
MessageBoxA

Exports

Exports

�n�X��RgЛ��N��j�d��,Nՙ�/`�O�]�P� 'R�/�Ũ�*%Z+�,t@=iT��],{ߒU�?�[q͙��M-I�qQ_{e��ѯ��@nG&c��h�$��S�FL��^ Ǵt��2�J��7�9|��Mb��IE��;��хE�V6��q��+�gat�ɯ�2@#v�q�;�aŶ�-��w, �}�52��~��\c�C`�SեZ��,G��ؑY��>,p��(��\�V��_�l,"��n��8�Mq7��Q!��e9�󮢇��j�q#��ÎL�74 ��Có��+L��1u��l:�y[�k�1\�᠞��d�˷��:N=��+��گ�-�uVJwg G��q}Z�K��<J�wu|N{��.�b�nmrV4�'��"�� 1��O��d4�qblLq��Ro��y�hI�͌#N��X6��}"�з�1�%v�:�=]ǻ��|�͑�2�q��Ϣ. ��5��Ë�xC��.�[_��Ͷ�-yw�#�5�hQ�e��ֶ��PeTt��?��^�7�Ww�r��Ԯ��U�vw�v��>a��.��N��z:�WL�F��6T]Jtd��J�M*� �&��C�&�:�D��_fԱ��qHx�G�6��]��',�{�{9�#<b�2��,fG)��=n��܏d?b3��KMC?ѹ5,�k��jeVjj��M��,l��|�j��m�tO�Gw�wEa�Y0-�\��D��d�A��6�#$. ��3-�eϟ�d�DiH�7��h1|,)I淆�:��Oʲ�p�Ʋ��P�*�-b�|@� Ԉ�� ]�� <3��m��6J�ͭ��񳖄X��Kƈz��q�|��-<#:!��f��/_��j�̤�l�&Ԑ�3.ܫD�2�0��AN��Y�,�(�2TpED��3�β��'+b ��=X��-¡0Ax�EBGځd�|AaV�@��/�"(��<��lϯ��V�Ϝf�}��K��[2�D�$�}V�d��N|��$�`�璾�2n�A��hL -�o�,�HKaq�H K>�vܤ!3��^r[r��0�]Fx�+�p�Qzx�6m�gv�ƘM��^1�1�J�D �f�>C>��X��)vf1L�ft �^�t)d��W��,��e�V!�͙�[ݱ�{"�Z��+�t��)}��%ƕ�� z��b��P�_I~��#0�d/l�/�r��`�� ?�0�;A2�`C�"CIYc!h>�#I�=�ś0�?��%; �`j6ӿpE8�,�Y&��o�d�u�`��O &8�(��Q��{�y��#I��}$w��H.�4nv�\�х��Qn9�g+I�@t�B��dR��_��^G��}P��I��Q�ѿ�(��<��»��d��$��p�~��F�>�>-�3*�y[�@��,�WIАa��s�f{�ǣ�γ�&.Tg�;��!K��<�=\m��Π�HPmd.�N��S}�pU��@{�SN��Q�/VB�aĪmo�_P�Qv&�#��f�y� �E]�%֫��)� D��Z�P��Mj꓊��(z~֒�d�Ĥ?2�&#��\�T��N)z�� ;�p�7W��|��V]�� na�u�*� �U{5��V��6�E�[��,1��w׬��L��j��0�O�w��qm�A��)ReMn��l�b��Rm��1E�� ,�^A[ͅd/n h]W��2>�<r�WI��$!��S1�G�{�ZN�&Y$�)�+��/� �mpms�T�*��F��a8T��U@��j��,��c=�+��l�`"�!o��w��Z�S��*D�:��fe�|zv��%�q�P/�G�"��h,�v�G0��i��b?�F�D�� |��+��&0��_&�Wj�1j��6~ ��d��4+Zp�B>=~:��~|��#��8��h��f�i��uK[�Z�2��OV�I}g+��ֳ%�� &��,~>�/�+�P4m�^S/��h��u�prI�w��?\Omx�lu넇"$��j��O�+��#Bė�@<Г�>b�ldTr��ԃ��$�*�3��{+k��H�e��[��g�Q��!(�s�E[��m�F��/l�B}�`#V��"'��JF��pz?�b��!��^U��lp��)�É��'~ӝϰ��F$��[k��J�Vg��N��ۼ3��2�(t�|�{��!�E�T��D� k]sן;��1%s��B��8�% o��I�K|ʝ�|�GA�}�1�z�v�u�țr�P%X3�K��g55��n{3n�G��D�kx�ġa�V��z��{z9�mVZ�ɛB<�-�Gɠ*�X��a��uM��|�h/��A�l�T2�pE�⃋U< TLou��+��d��?dSw2S�b{�-˰��>n�;оӮ�CzƬ;��AeAO�:��ʌ��aTO��i��|��ާGd��5ˣ�W(��9�g�Tz��I��}��8�� I,�G��z�1�7�q�I �:�N�w� �Yp]�G�ҕ��:�EeiH��(#�i}?>�l�@0��.}�M0RK�mh�<�8�kP.�]d�Ř��U罖�X��'��>|L^u��ܗ>*?��A�(VH��u�;9V�O3RO܀WUS1��m贤Uk6>��a,P!g�֘v�Q��ao ȏ�T�\GW2u��G,��!��ȥ�orXD�E>��|go�j� �H.k��܅&��F��D�i��U�(�� 1��!�#�s�.�:s��ß�;

Sections

.text
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29f33ed7c8d4afe63f86b52dd8b66dab

Headers

File Characteristics

Imports

comdlg32

gdi32

kernel32

msvcrt

ole32

psapi

shell32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 160KB

.data Size: - Virtual size: 322KB

.rdata Size: - Virtual size: 1KB

.bss Size: - Virtual size: 45KB

.idata Size: - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 8KB

.UPX0 Size: - Virtual size: 651KB

.tls Size: 512B - Virtual size: 24B

.UPX1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 224B

.text
Size: - Virtual size: 160KB

.data
Size: - Virtual size: 322KB

.rdata
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 45KB

.idata
Size: - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 8KB

.UPX0
Size: - Virtual size: 651KB

.tls
Size: 512B - Virtual size: 24B

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 224B