2b8f0732bb600626c918294d4a73b6b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b8f0732bb600626c918294d4a73b6b8_JaffaCakes118
Size

270KB
MD5

2b8f0732bb600626c918294d4a73b6b8
SHA1

4539630c71e984a4e5b5fe33dbf8123fa5404e36
SHA256

89da5da5780835e35cba2332a8facf309d7dd340bd11a18d6c58dce3a5ce84d7
SHA512

cd3cea540dc1d3589fa8fbb0808eaa8f4d11c71a2c3b8557d37a5a1192facdfb0a7d78a72c5c89fd41feb72f7fb6869cb3e3b3176763310aa7243102b335eb4c
SSDEEP

6144:1Ff5Uu6M18JOJzlrtJ8a7bK7QD7ZoWpG4p9aMY50:1xxHEOrtHbK7QBoWRPYu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b8f0732bb600626c918294d4a73b6b8_JaffaCakes118

Files

2b8f0732bb600626c918294d4a73b6b8_JaffaCakes118
.dll .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
SetVM
SysLogoff
SysLogon

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE