Behavioral task
behavioral1
Sample
ea2568e82e79736dcffb4ee2a2df65e0_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ea2568e82e79736dcffb4ee2a2df65e0_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
ea2568e82e79736dcffb4ee2a2df65e0_JaffaCakes118
-
Size
23KB
-
MD5
ea2568e82e79736dcffb4ee2a2df65e0
-
SHA1
6e05fa76c288b4f6ed007c59c2bb9c9d7296b8e3
-
SHA256
493be600d013213a5b0cf1027f6fb28974f0ad1d3acaf089f5f186147394e719
-
SHA512
cc41fb70cb894d23a4b05f946bac9b206a8836260c48e7e80900eece7918724b6a31cf51e69ed4e41597e90df38509ac6dc68202e4a7e11c20b3678caca2602e
-
SSDEEP
384:XuR7MVZ/Zg4Y5+eklv6bqOUQ4GAtyqJV+fJUx:5VZ/DMzKv6mOX4Gcgf6x
Malware Config
Signatures
-
resource: sample — yara_rule: upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea2568e82e79736dcffb4ee2a2df65e0_JaffaCakes118
Files
-
ea2568e82e79736dcffb4ee2a2df65e0_JaffaCakes118.exe windows:4 windows x86 arch:x86
0419e4d58b47e3022a14842eb57f3a03
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetVolumeInformationA
Sleep
GetWindowsDirectoryA
CloseHandle
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
GetCurrentProcess
SetPriorityClass
SetProcessPriorityBoost
GetCurrentThread
SetThreadPriority
advapi32
RegCreateKeyA
RegQueryValueExA
GetUserNameA
msvcrt
__CxxFrameHandler
_EH_prolog
_findclose
_findnext
strcat
_chdir
_findfirst
fclose
??3@YAXPAX@Z
fread
sprintf
ftell
fseek
fopen
atoi
time
strlen
strcpy
strstr
fwrite
_ltoa
strcmp
tolower
strncpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_itoa
??2@YAPAXI@Z
memcpy
shell32
SHGetSpecialFolderPathA
ShellExecuteExA
SHChangeNotify
wsock32
inet_ntoa
htons
inet_addr
socket
connect
shutdown
closesocket
setsockopt
send
recv
WSAStartup
WSACleanup
gethostname
gethostbyname
Sections
UPX0 Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE