f7feac56224ef3b90bf09ef0092928d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7feac56224ef3b90bf09ef0092928d5_JaffaCakes118
Size

104KB
MD5

f7feac56224ef3b90bf09ef0092928d5
SHA1

3e45dab4b35dd909a64907311daf0c450a26bb44
SHA256

9e7ab6fbd255ba3ba37703dccc35c5c4ce2b2d75b762ac4043574219db01d61e
SHA512

077ff117a8668f9dceb0a30eddcdf4cf4552e3358aa837178d79299aa1f20a8088e58a6500c6c94b6645a98b7375c4824ea1f97ff50748f5195958dc4606d10e
SSDEEP

192:a2Pxn5UZMTZipyacMhugRK8hlI2Pxn5UZMTZipyaw4ZkKP6Yk:RPx5UZkIyacwuCDzPx5UZkIyaF3yn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7feac56224ef3b90bf09ef0092928d5_JaffaCakes118

Files

f7feac56224ef3b90bf09ef0092928d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE