001b5d0377808a3984de13026717442a_JaffaCakes118 | Triage

Sharing

General

Target

001b5d0377808a3984de13026717442a_JaffaCakes118
Size

26KB
MD5

001b5d0377808a3984de13026717442a
SHA1

a43d5c81fb5d9613458b19f4924ef238b40fc478
SHA256

69adafac94c804edfbb4b99684673a228abb6c6a36a69c252f9ab4ec23831b88
SHA512

1681089e3f0d760aca0c4427dc9531df689270ea09129e8f2adbc6f1c573be7c943f84f94ad43b01e937456b56d1b7886c86fa78e50660d935d636050c195f7e
SSDEEP

384:ch/xEdV/Pts9neje/e/DMQtuQhkqyZzxuja1N286mivd343iuzh284Jme:ctQRW+euDMQtuegxujSBi5H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
001b5d0377808a3984de13026717442a_JaffaCakes118

Files

001b5d0377808a3984de13026717442a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09f9e05c6407bb56c951175a99c5432f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
lstrlenA
lstrcpyA
lstrcmpA
FindClose
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
CloseHandle
LocalFree
ReadFile
LocalAlloc
GetFileSize
CreateFileA
lstrcatA
GetEnvironmentVariableA
GetPrivateProfileSectionNamesA
lstrcpynA
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
GetWindowsDirectoryA
GetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryExA

advapi32

RegQueryValueExA
RegEnumKeyA
RegOpenKeyA
RegCloseKey

ntdll

memcpy

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromProgID

oleaut32

user32

CharToOemA
wsprintfA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE