18f3eaef3603d529c8c172447aeac0a7_JaffaCakes118 | Triage

Sharing

General

Target

18f3eaef3603d529c8c172447aeac0a7_JaffaCakes118
Size

30KB
MD5

18f3eaef3603d529c8c172447aeac0a7
SHA1

c80ab0b1c058af21a8474d19242b196ad6528e0b
SHA256

24b368113ae26012b45088b8aa00d5fa37af1f2154b86bdbf632160443fce9d4
SHA512

50ee8eb7c63e65a8cd1a116270b371d397bf2a85285a5f67383abf70c4898e41c15fc4f1d23c7f1cacac3699e88e717e58988df73b58b734dea983133201aa42
SSDEEP

384:Xk4USw8tKDo0aSOFMCKtboUsBjf8qNANzxHsn+6bmpeGqeLteMs6dNL:Xk49RAuMlRCYqNAjHu/CpeGqeLteB6dZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18f3eaef3603d529c8c172447aeac0a7_JaffaCakes118

Files

18f3eaef3603d529c8c172447aeac0a7_JaffaCakes118
.exe .js windows:4 windows x86 arch:x86 polyglot

efa2604dafe688a2b6e0563abb975bd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualUnlock
GlobalAlloc
VirtualLock
GetCurrentProcess
GetVersionExA
UnmapViewOfFile
MapViewOfFile
RtlUnwind
InterlockedExchange
GlobalFree
GetProcessHeap
WaitForMultipleObjects
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
lstrcmpiA
CloseHandle
WriteFile
CreateFileA
Sleep
lstrlenA
CreateThread
lstrcpyA
GetTickCount
WaitForSingleObject
GetCurrentProcessId
CreateMutexA
GetModuleFileNameA
OpenMutexA
GetSystemDirectoryA
ExitThread
HeapAlloc
VirtualQuery
HeapFree
SetFileAttributesA
GetModuleHandleA
GetTempPathA
ExitProcess
CopyFileA

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

user32

CharUpperA
wsprintfA
FindWindowA
ShowWindow
SendMessageA
FindWindowExA

wininet

InternetGetConnectedState
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

ws2_32

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE