076856291b115ea37eed77b6cd928ec0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

076856291b115ea37eed77b6cd928ec0_JaffaCakes118
Size

107KB
MD5

076856291b115ea37eed77b6cd928ec0
SHA1

8f71fa4a75fc43c9ec11fe4f4c70dfd220792d71
SHA256

29f10ad0c8dd782cca360b11f114d84e674f306bc392cc84caba5b441df39f19
SHA512

d0fc604e08c69f1798c46bdb62fb51f5bd6d07a419fca49f90cb7e25a53efcdc4a09fca480d6839316b0fe6085753515e33c8f13346db056ca46143eb2ade257
SSDEEP

384:goCE/fL9aActKn/WPBWaB7bpOXRtixc9gm9wYgm9Y7fi1hzcD:7njs8upWIfp8Roggm9Lgm9YfirzE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
076856291b115ea37eed77b6cd928ec0_JaffaCakes118

Files

076856291b115ea37eed77b6cd928ec0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d26563ad3ea0019ef107306607cf81e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
lstrcpyA
WriteFile
SetFilePointer
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
lstrcatA
GetTempPathA
lstrcmpiA
ExitThread
Sleep
CreateThread
GetModuleFileNameA
GetPrivateProfileStringA
CloseHandle
FindClose
lstrcmpA
FindNextFileA
FindFirstFileA
FreeLibrary
lstrlenW
lstrcpynA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
ReleaseMutex
GetLastError
CreateMutexA
SetErrorMode
RtlUnwind
SetFileAttributesA
DeleteFileA
ExitProcess
InterlockedIncrement
GetTickCount
GetPrivateProfileSectionNamesA
lstrlenA

advapi32

RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA

iphlpapi

GetAdaptersInfo

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

user32

CharLowerA
GetActiveWindow
wsprintfA

wininet

FtpFindFirstFileA
InternetFindNextFileA
FtpGetFileA
FtpPutFileA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetConnectA

ws2_32

WSAIoctl

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE