102f54274da5a6d11eda58a0786976fe_JaffaCakes118 | Triage

Sharing

General

Target

102f54274da5a6d11eda58a0786976fe_JaffaCakes118
Size

70KB
MD5

102f54274da5a6d11eda58a0786976fe
SHA1

cef5c0f109b19193d145a6b7885443d581b267bb
SHA256

b43915923f852d49f7b03bd12fc97fa437ee4dfbfebbcbf0787c172e85adf156
SHA512

faadebc0860bd8516e2f7105ca53f034e8943b780e9f7d288d7e377c64c968f1f5998d2ca33f915c88a1535855c23a30a6dcf2f614727b2201ab133f99ce7b1f
SSDEEP

768:bnyW7pL/S45vZzR89CxTogWSgHLWHsUCl8h4AmvYDEeTcYl:WW7RS6ECxRgHRUXavVeT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
102f54274da5a6d11eda58a0786976fe_JaffaCakes118

Files

102f54274da5a6d11eda58a0786976fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2d7a26b874f2c20faa28394d64ee14f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
CloseHandle
WriteFile
SizeofResource
CreateFileA
CreateDirectoryA
LockResource
LoadResource
FindResourceA
ExitProcess
WinExec
lstrcatA
lstrcpyA
GetModuleFileNameA
GetTickCount
GetCurrentDirectoryA
DeleteFileA
Sleep
GetProcAddress
LoadLibraryA
GetSystemDirectoryA

msvcrt

rename
sprintf
strrchr

shell32

ShellExecuteA

user32

FindWindowA
PostMessageA

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE