5711c95365ee8d193d7e9f0c32ae9d18_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5711c95365ee8d193d7e9f0c32ae9d18_JaffaCakes118
Size

351KB
MD5

5711c95365ee8d193d7e9f0c32ae9d18
SHA1

6258b3c7f9ab23fdc4f0df350899cd3b89c42f66
SHA256

ed53b2d1b6d9286022571b916ee31bfcb7a4f8963fc0e565a91693b5490d0385
SHA512

e420f8dd9ab4417355e6c7d941dc69f013728b1929c0ee452ab1f10e2970ac3cf36f9e2ace45ba6790a61118ec08d7fac1c2567e48eebaf45231db339330cdb1
SSDEEP

3072:qL6ATbyywSem+QKcCG/6yot8r2n06k3SY:86rWCGCyoO6Q3SY

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5711c95365ee8d193d7e9f0c32ae9d18_JaffaCakes118

Files

5711c95365ee8d193d7e9f0c32ae9d18_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

de623ac3e8a573c6683e1987a8b8435b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeThread
DisableThreadLibraryCalls
GetWindowsDirectoryA
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetVersionExA
WaitForSingleObject
GetCurrentThreadId
TerminateThread
FlushInstructionCache
GetCurrentProcess
FreeResource
GlobalHandle
LockResource
GlobalUnlock
GlobalLock
ExitThread
GetLocalTime
GetSystemDirectoryA
GetTickCount
CreateFileA
CreateDirectoryA
GetLastError
LoadLibraryA
WriteFile
LocalAlloc
DeleteFileA
GetProcAddress
CopyFileA
TerminateProcess
FreeLibrary
OpenProcess
lstrcpynA
CloseHandle
lstrcmpiA
GlobalAlloc
CreateThread
Sleep
lstrcatA
lstrcmpA
GlobalFree
EnterCriticalSection
OutputDebugStringA
lstrcpyA
IsDBCSLeadByte
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA

gdi32

SetTextColor
GetStockObject
GetDIBits
SetBkColor
GetObjectA
CreateSolidBrush
SetBkMode
DeleteObject
SelectObject
GetDeviceCaps
Rectangle
BitBlt
CreateCompatibleDC
DeleteDC
CreateRectRgnIndirect
DeleteMetaFile
CreateCompatibleBitmap
RestoreDC
SetWindowExtEx
CloseMetaFile
SaveDC
CreateMetaFileA
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportOrgEx
SetViewportExtEx
CreateDCA

msvcrt

strcmp
free
realloc
malloc
time
srand
rand
_ftol
pow
strchr
strrchr
fopen
fwrite
fclose
strstr
_CxxThrowException
atoi
_ismbcdigit
_mbsnbcmp
_purecall
memcmp
_mbclen
vsprintf
_mbsrchr
memmove
_mbsinc
memset
_mbsupr
_mbschr
__CxxFrameHandler
wcslen
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_mbscmp
_itoa
abs
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strlen
sprintf

ole32

OleInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CreateOleAdviseHolder
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CreateStreamOnHGlobal
OleRegGetMiscStatus
OleRegEnumVerbs
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
OleRegGetUserType
CreateDataAdviseHolder

oleaut32

rasapi32

RasDialA
RasGetEntryPropertiesA
RasEnumDevicesA
RasSetEntryPropertiesA
RasGetErrorStringA
RasGetConnectStatusA
RasHangUpA
RasEnumConnectionsA

shell32

ShellExecuteA

urlmon

CreateURLMoniker

user32

CharUpperBuffA
SendMessageA
GetKeyState
GetParent
IsChild
GetWindow
GetFocus
SetWindowLongA
CreateDialogIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
FindWindowA
GetWindowThreadProcessId
GetWindowRect
GetNextDlgTabItem
OpenClipboard
GetClipboardData
CloseClipboard
GetOpenClipboardWindow
GetDC
LoadStringA
CharLowerA
SetWindowTextA
EnableWindow
IsWindow
MessageBoxA
IsDialogMessageA
UnionRect
PtInRect
EnumWindows
GetWindowTextLengthA
GetDlgItem
GetDesktopWindow
GetWindowTextA
GetClassNameA
EnumChildWindows
wsprintfA
EqualRect
OffsetRect
CallWindowProcA
CharNextA
ShowWindow
DrawTextA
GetSysColor
SetTimer
KillTimer
GetSystemMetrics
GetDlgItemTextA
DialogBoxParamA
MoveWindow
EndDialog
SetDlgItemTextA
SetActiveWindow
PostMessageA
IntersectRect
SetFocus
GetWindowLongA
SetWindowRgn
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
ReleaseDC

wininet

InternetSetOptionA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ManageExitPopup
ManageMC
SpecialFunc

Sections

UPX0
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de623ac3e8a573c6683e1987a8b8435b

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

msvcrt

ole32

oleaut32

rasapi32

shell32

urlmon

user32

wininet

Exports

Exports

Sections

UPX0 Size: 328KB - Virtual size: 328KB

.rsrc Size: 16KB - Virtual size: 20KB

.avp Size: 5KB - Virtual size: 8KB

UPX0
Size: 328KB - Virtual size: 328KB

.rsrc
Size: 16KB - Virtual size: 20KB

.avp
Size: 5KB - Virtual size: 8KB