f6ce3564a50bc1fd585d67d2f4a6be32_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6ce3564a50bc1fd585d67d2f4a6be32_JaffaCakes118
Size

203KB
MD5

f6ce3564a50bc1fd585d67d2f4a6be32
SHA1

dd099c65a89a335b44eccc58a2a3e6fd0693b04e
SHA256

5a902d9af473eba521c90e79ea6eb169a3a0fe67e81da5d644b1bccdf2a06cb6
SHA512

65d3a87bad46ced5907487bed74533c60fda0e2c3c86d6fa7e6a9dd58371d3c76c4f99f8a6786c7c156add224d6e94dca9a9fc673770a0cab091d83b302ffc4e
SSDEEP

3072:KnDZx0yBK8w45xgj7YzJXEYGIo60CxRc0Gf:KDZx0yDwCx+YFXbODf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6ce3564a50bc1fd585d67d2f4a6be32_JaffaCakes118

Files

f6ce3564a50bc1fd585d67d2f4a6be32_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8a0c4e0ccb6b8f7e56c8eb6577da59eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
CopyFileA
VirtualAlloc
DeleteFileA
MoveFileA
FindResourceA
SizeofResource
LoadResource
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
Sleep
GetUserDefaultLangID
GetProcessHeap

mfc42

msvcrt

_adjust_fdiv
malloc
_initterm
calloc
free
strlen
realloc
__CxxFrameHandler
memset
_mbscmp
strcmp
rand
memcpy
_strlwr
_stricmp

user32

MessageBoxA

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE