cdb79a0be40aed214d1269209c060cf1_JaffaCakes118 | Triage

Sharing

General

Target

cdb79a0be40aed214d1269209c060cf1_JaffaCakes118
Size

112KB
MD5

cdb79a0be40aed214d1269209c060cf1
SHA1

3a50ab6d1ff40ec7a4bbc024f96b2dd4890012ec
SHA256

6a5993c71c12388eddb4224696450701eca298f4063a6d33de1b13f4eae32801
SHA512

341aad59d46a1a9e6c08de8be5ee7d2b4970cb0554be66d018a7db06029acddf4ce806309abcdaf60a4044daf8507e918e7e82d4ed83afad28440e5e97d5da92
SSDEEP

768:vDw1RFtrJ9Qhtn2L75RDw1RUTPESth3O2:votri2jpbFtpO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb79a0be40aed214d1269209c060cf1_JaffaCakes118

Files

cdb79a0be40aed214d1269209c060cf1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d028ed91d908ca3f4bdbbbb8a346d246

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
HeapAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
CopyFileA
WriteFile
HeapFree
CreateFileA
SetFilePointer
GetFileSize
ReadFile
EnterCriticalSection
HeapReAlloc
LeaveCriticalSection
TlsFree
GetLastError
SetLastError
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore

msvcrt

memset
strcmp
memmove
memcpy
strncpy
strlen

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE