6223f6288cd0e6528cc8d65a48845a90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6223f6288cd0e6528cc8d65a48845a90_JaffaCakes118
Size

199KB
MD5

6223f6288cd0e6528cc8d65a48845a90
SHA1

ad39abffab0c5bc0056c9044bce49b98919bfe25
SHA256

03d406573f0a673af2c9f95487370a423c7262a41131d409e6f5d7c9580b427b
SHA512

4e9f95717d18e01901dcd26d391c0ae4bd76ecab94767c307c949fb93282b541c9b9db9ff983cf48e3ddb15b6877c25864683097b84127795ddc9da5a4c253b9
SSDEEP

3072:LGkwY3HplpucPA3cOD7OwqgZq3ELxoutnwnDPFgcYj:LGkjHp/ucyZlTqExoSUycI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6223f6288cd0e6528cc8d65a48845a90_JaffaCakes118

Files

6223f6288cd0e6528cc8d65a48845a90_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Install
RunInstallA
RunUninstallA
ServiceMain
Uninstall

Sections

UPX0
Size: 125KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE