1c0ccde8ef082eace32942407007c00d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c0ccde8ef082eace32942407007c00d_JaffaCakes118
Size

22KB
MD5

1c0ccde8ef082eace32942407007c00d
SHA1

938fc1b8619830a5e50d0b08d52bc9614a82a653
SHA256

5a4e869d78bc0deecfe9f289cd745722b6c0940441b91df9d79ad55e0528467f
SHA512

1c846fce006c0caabca09dbdcdf3678deb935f926edab13c5e7f1dc607f0d96fd802d7b0835e9149c927857f3aea400596122f3fc24f64200df23bd1d0dc1d44
SSDEEP

96:KqgooIR+m/yGe5TNKlSvXfC2sU7VbjYeV6vIo:Kqc6/iNK2CC7ljYeV6vIo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c0ccde8ef082eace32942407007c00d_JaffaCakes118

Files

1c0ccde8ef082eace32942407007c00d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

436fa0d043f820bfcbd2b131c480f55f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
UnmapViewOfFile
CloseHandle
CreateFileMappingA
MapViewOfFile
CreateThread
Sleep

msvcrt

free
_adjust_fdiv
malloc
_initterm
memcpy
sprintf
memset

ole32

CoInitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

urlmon

URLDownloadToFileA

user32

TranslateMessage
UnhookWindowsHookEx
DispatchMessageA
CallNextHookEx
CreateWindowExA
SetParent
IsWindow
DestroyWindow
SendMessageA
PostThreadMessageA
GetWindowThreadProcessId
SetWindowsHookExA
GetMessageA
PeekMessageA

Exports

Exports

HookProc
xURLDownloadToFile

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE