2226e6c24b8a995a4845b6fe46d8e675_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2226e6c24b8a995a4845b6fe46d8e675_JaffaCakes118
Size

34KB
MD5

2226e6c24b8a995a4845b6fe46d8e675
SHA1

e271f82b8b409576c3b7c96c3ffe026ce436f815
SHA256

69ce81d1740a1764f5ff7822823b745fe783e9b4a8fbf69864e304a2b2a11e7b
SHA512

25cb039020608e1e07595c62a49d901b66f0b11a81b55890efa95d7afd0861dcf64e6dd9fd79283003563ae99074bcc8d822f5c1d415126ec1d4fb39b16c7668
SSDEEP

192:B2qtosL7x8+z6UpF1V64b2IgmfhMcyPnFHeMO8dpjJHAsIAXHS6+L:Bce3vLIPFjO8P1XIey

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2226e6c24b8a995a4845b6fe46d8e675_JaffaCakes118

Files

2226e6c24b8a995a4845b6fe46d8e675_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e38bfa4cc2417e00e9cf391e41d26214

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetStartupInfoA
GetModuleHandleA
CreateMutexA
GetLastError
GetModuleFileNameA
OpenMutexA
CloseHandle
GetTempPathA
Sleep
GetVersionExA
GetCurrentProcessId
FreeLibrary
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA

mfc42

msvcrt

_filelength
strtok
sprintf
fwrite
fopen
exit
srand
time
_except_handler3
?terminate@@YAXXZ
_exit
_sopen
_acmdln
__getmainargs
_stat
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
_XcptFilter
rand
fclose
_initterm

oleaut32

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHSetValueA
SHGetValueA

user32

DefWindowProcA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassExA
PostQuitMessage

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE