097e1cd3a880817ceccd4f00d8cb8069_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

097e1cd3a880817ceccd4f00d8cb8069_JaffaCakes118
Size

79KB
MD5

097e1cd3a880817ceccd4f00d8cb8069
SHA1

770ba98bfbc7ef83b03eecf4e72f84436f09e39b
SHA256

f5306506fe405b74d5fb19d6fa8b884275b0510c5a3d3b2dcf65cd4f57f47aa5
SHA512

01386f90dc8f74577c97f0bc2f8bf841055985e2adfdf36e8170ddca25acc6af0543f272ac63690226b30e65f1572bc5ed23bb54a7973c3b70d94e47c1ad2d3a
SSDEEP

1536:bDFNxBQ8zWc/RkLgbpyzgFXyF2czW6yikuENovo:bVBVzW2OLg0H2czWRuEND

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
097e1cd3a880817ceccd4f00d8cb8069_JaffaCakes118

Files

097e1cd3a880817ceccd4f00d8cb8069_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CTmpFileEx@@QAE@ABV0@@Z
??0CTmpFileEx@@QAE@XZ
??1CTmpFileEx@@UAE@XZ
??4CTmpFileEx@@QAEAAV0@ABV0@@Z
??_7CTmpFileEx@@6B@
?DelBatFile@CTmpFileEx@@QAEHPBD0@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE