265d900f1bfa1ac54e2727652c1923c9_JaffaCakes118 | Triage

Sharing

General

Target

265d900f1bfa1ac54e2727652c1923c9_JaffaCakes118
Size

24KB
MD5

265d900f1bfa1ac54e2727652c1923c9
SHA1

e9d9aa9c05ebfc3a6f5ea38f09a9f4c6411c660f
SHA256

1682e8fa144402cf9e81636a19c008abcad9d9757fb29a1fdf4bc61c52331a9c
SHA512

d042eae314c79e1b4ee352530bbb85ee9cf032fa6d7bcecec8200b1fc0d219d759de55ca291cefe08a278833f20948f1778cb57f14e7a78e51857eeea5137070
SSDEEP

192:szDCO4CMyu8Ttzljo7kgC1PVhc8baNfN4lzXp1NIM6b/sJlPyEc:qD7Vja7fAPo8sSXp1NIMisaEc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
265d900f1bfa1ac54e2727652c1923c9_JaffaCakes118

Files

265d900f1bfa1ac54e2727652c1923c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9b6a37f37c589729c75a65221eefe01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

advapi32

RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

user32

SetTimer
GetMessageA
CharUpperBuffA

msvcrt

??3@YAXPAX@Z
fread
??2@YAPAXI@Z
ftell
fseek
_exit
fwrite
exit
fopen
strrchr
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fclose
sprintf
sscanf
strncmp
_acmdln
__getmainargs
strncpy
strstr
_XcptFilter

kernel32

GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
OpenProcess
ExitProcess
TerminateProcess
FreeLibrary
CopyFileA
GetLocalTime
CreateThread
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
CreateProcessA
DeleteFileA
CloseHandle
GetModuleFileNameA
GetCommandLineA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE