2b0af5bef23acd9fe0140c40a283a31e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b0af5bef23acd9fe0140c40a283a31e_JaffaCakes118
Size

70KB
MD5

2b0af5bef23acd9fe0140c40a283a31e
SHA1

6e0cac20b7d5a3b4d0d039b8793d79571d411a14
SHA256

b7162f81fce93c53bf354a4d38543cedaed682a69bd1a706f50e841ae551cb7d
SHA512

e449d0255ebe70cf8739d0de6a1dd3272b950ab30f6d3cdf003464a3ceeccbcf8987c704d456cba8543a59a43c26459406f06e2cceadf05df0dc177dcc680d01
SSDEEP

768:8DmndqQwA2VVkmLa4SgE//1WQKKd7LoVwURf051noYa:6IdwamVkMZK2wURf051n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b0af5bef23acd9fe0140c40a283a31e_JaffaCakes118

Files

2b0af5bef23acd9fe0140c40a283a31e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8857c1298cec042a5dc78a3443415c97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
WideCharToMultiByte
Sleep
SetEndOfFile
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointer
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
TerminateProcess
GetCurrentProcess
WriteConsoleA
GetCommandLineA
GetVersion
CreateFileA
CloseHandle
HeapFree
GetLastError
MultiByteToWideChar
WriteFile
LCMapStringW
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
HeapCreate

wsock32

WSAStartup
socket
bind
ioctlsocket
setsockopt
closesocket
htons
sendto
WSAGetLastError
recvfrom
ntohs

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE