24989e87b8ef82d48d8d43e61de38912_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24989e87b8ef82d48d8d43e61de38912_JaffaCakes118
Size

26KB
MD5

24989e87b8ef82d48d8d43e61de38912
SHA1

e57ced3bc5e92e0c13d11e63d6254cc5afac4721
SHA256

310cbe5ef14aa724d21a389a10e4bc2c21d0b76802c7d1afc8b3cc8c78de5769
SHA512

02b048aa7a7aeb3668c22c2cbc8f73700e29060b94e0c5b8efe2a3f8346829f15a3190bcd67b466301d29614955bb7ffe2dbde98b5ba087f165b84a2e48b210d
SSDEEP

384:kQH3FTlzC6aJ+69tgkrYiVS8V/C1o5ro:kk9IcuYiVDVq1oVo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24989e87b8ef82d48d8d43e61de38912_JaffaCakes118

Files

24989e87b8ef82d48d8d43e61de38912_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c00eae99152d1d73bbb1ba1a25a71e87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcmpA
lstrlenA
_lwrite
_lcreat
lstrcatA
WinExec
LoadLibraryA
_lclose
GetSystemDirectoryA
GetProcAddress
GetVersionExA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
FreeLibrary
ExitProcess
GetCommandLineA
CopyFileA
DeleteFileA

advapi32

SetSecurityInfo
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
InitializeAcl
IsValidAcl

ole32

CoCreateGuid
StringFromCLSID

user32

TranslateMessage
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
LoadIconA
RegisterClassExA
GetMessageA
FindWindowA
LoadCursorA
DefWindowProcA
CreateWindowExA
DispatchMessageA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE