16f7c53dbbb2de456b1cefd4e507f648_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16f7c53dbbb2de456b1cefd4e507f648_JaffaCakes118
Size

200KB
MD5

16f7c53dbbb2de456b1cefd4e507f648
SHA1

718dc2c7f01fa63c4d19d3aede2096e1f7bdc15b
SHA256

dd2f2a2a13af0c0c2c6f8b9ccba35e8af2cf236197cbf3fba97ae55802593cc8
SHA512

3de387250cf58e7946d30b71bd7bd7465456e99919a8bad3538bf8a2f5c2d95690574496d2c20376f433c4ef62444058f4ff66b33c976b3cf3986d6fc9165655
SSDEEP

3072:+QKapJgyfEdFKgiVOt3ITWUWibLFyUpTTxvIkXKg1lANNnLWk37wlBdnDoAzn:caLg6EdFVtOfbZZTRatNZ5sdnx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f7c53dbbb2de456b1cefd4e507f648_JaffaCakes118

Files

16f7c53dbbb2de456b1cefd4e507f648_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dcc48f9a31b21c9219d4e23bd0acf5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalFree
FormatMessageA
GetLastError
MultiByteToWideChar
GetModuleFileNameA
GetModuleFileNameW
Sleep
GetProcAddress
FreeLibrary
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
RtlUnwind

user32

wvsprintfA
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE