2a7dffb9aa3b6c867d9f6a376c1d16a6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a7dffb9aa3b6c867d9f6a376c1d16a6_JaffaCakes118
Size

14KB
MD5

2a7dffb9aa3b6c867d9f6a376c1d16a6
SHA1

bc14e34594547017d1b0022fb1d09ec1b7ddb809
SHA256

482ce6a4e21904d0f33439a46270e65a29152de777c55799eac074e2025eb55f
SHA512

cab9a96470d6c1c361b11053e12c4fffbf93be589aafa6c1c85b78bb0604a78e806642fc7ca5a348380b5f86918849b2cd294a7e47285be06d5f359764ac0966
SSDEEP

192:6S19V/Xxw5+vEy65GUqnZTHK7H7+us2SYyWuSCiiSCmWth1pZtPQzrFeXdSMxwlE:p/K5UJ6tqnZTHKdFoLoI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a7dffb9aa3b6c867d9f6a376c1d16a6_JaffaCakes118

Files

2a7dffb9aa3b6c867d9f6a376c1d16a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

818a37fb175ee9d4493fec830790b593

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
OpenProcess
GetLastError
GetProcessHeap
HeapAlloc
GetCommandLineA
GetStartupInfoA
CloseHandle
WriteFile
CreateFileA
CreateProcessA
Process32Next
WaitForSingleObject
TerminateProcess
GetShortPathNameA
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Sleep
DeleteFileA
GetWindowsDirectoryA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetModuleHandleA
ExitProcess

advapi32

RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA

comdlg32

GetFileTitleA

urlmon

ObtainUserAgentString

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

UPX0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE