00287b8bff00fd4d6524d8eb76c1b38d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00287b8bff00fd4d6524d8eb76c1b38d_JaffaCakes118
Size

87KB
MD5

00287b8bff00fd4d6524d8eb76c1b38d
SHA1

b1b18f7ae56512a18acc72bd279adad3748627b1
SHA256

19e74e4e91ea10f1530a1b76c6f8b6aabe776258698e717dba8ff93b552c9bb2
SHA512

378f3f790ad7776a9ace68d894e4dfd33dd2f1febe6cc8a6fc10d56181d9736984d06dfe179bedaf1352d583fc32f0a1062e4ade36314fa900b264c9db19d378
SSDEEP

1536:beGqw2XrSAKGDyRnctw97RjGXRXF6BK0GW2K/sDvhwSv1XNExARS2D:tqwu1DyRnctw9djGXCrySSzAAl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00287b8bff00fd4d6524d8eb76c1b38d_JaffaCakes118

Files

00287b8bff00fd4d6524d8eb76c1b38d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05c7df6d575c13faf78878f9450f3b20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX4
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ