0813acd85ffcfdf2e6f672ecb99caa86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0813acd85ffcfdf2e6f672ecb99caa86_JaffaCakes118
Size

526KB
MD5

0813acd85ffcfdf2e6f672ecb99caa86
SHA1

58447d963d3d7bfadd929325ede782e85b49c76d
SHA256

28e2b649a4a38bc5077434b8eea2a2df308d7e11795a61995db336e0f8dd4792
SHA512

1586834aad1d530ce2db463e3b3adc58300b272ac3e686d2f6883263ae0434fc288d0d2b6a785f38b2ffac2a87c9cf4c1eae50ee5c64755205e06d3b4ced4244
SSDEEP

12288:y1KaPbMRkUMr1n7LiLMdI4dFzU5u+1+ZUYNIfY/cRvS:sKaARhSSLMjvz+u+A6YWfGcRvS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0813acd85ffcfdf2e6f672ecb99caa86_JaffaCakes118

Files

0813acd85ffcfdf2e6f672ecb99caa86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de39dc68941cc6307e3b2590c857a907

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA

user32

wsprintfA

advapi32

RegCloseKey

ole32

OleRun

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 452KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 67KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE