0db80e47ce87802c5129cdaadf478e0e_JaffaCakes118 | Triage

Sharing

General

Target

0db80e47ce87802c5129cdaadf478e0e_JaffaCakes118
Size

381KB
MD5

0db80e47ce87802c5129cdaadf478e0e
SHA1

52305f69a89f6b681ab4ad2150c93099d2f787b3
SHA256

99276ab04e0c3e9ba1e4bcc81617de466ac1b5f2180b341b92bebb84f6d9af27
SHA512

75697be033e6b4ba565269c66521a6c3dacce59df7047f03d72f54719391d31da696720d768c42f7738f3db5b2b034182e93b98f79d134e065edc8b3e2eb8c14
SSDEEP

6144:UHYE3W/wg3TBniHgYNwCpxFLZGw9rRlfyamg6Vez5:iYhYE5iHgYNdPln9rrlmX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db80e47ce87802c5129cdaadf478e0e_JaffaCakes118

Files

0db80e47ce87802c5129cdaadf478e0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

270a1b5a2509339f77adb413be1f6615

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LockResource
CreateFileA
LoadResource
SizeofResource
FindResourceA
WinExec
GetSystemDirectoryA
GetModuleHandleA
GetStartupInfoA
WriteFile

mfc42

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
__p___argv
exit
__CxxFrameHandler
_setmbcp
__p__commode

user32

LoadIconA
EnableWindow

Sections

UPX0
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE