2e19e6983b46f0b1d8c553efa97a643b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e19e6983b46f0b1d8c553efa97a643b_JaffaCakes118
Size

144KB
MD5

2e19e6983b46f0b1d8c553efa97a643b
SHA1

dd335a0636795a47eefba280ea28df879ecf8117
SHA256

74007c4d78f49b463f56e9f12171870fbbe78a481f1fd2a90893ad099516c228
SHA512

6eac8ea7f0fbb6248293482f7d6e057d1a6f59f63e579ca977930a2637567b3d97fe37353d7d12fc135dda65afe656ab61809add81ec404b1477750401264e6f
SSDEEP

3072:48v5lzMaSH4cXUlCC5e1bLwKYPoFIOJw5GW:RxSYcXuC36PLEw5L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e19e6983b46f0b1d8c553efa97a643b_JaffaCakes118

Files

2e19e6983b46f0b1d8c553efa97a643b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16593d3eb25e314a87d0f81a26f1ee23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
GetStringTypeW

user32

MessageBoxA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE