2be474563c7bc86e4138ba8abb98036c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2be474563c7bc86e4138ba8abb98036c_JaffaCakes118
Size

25KB
MD5

2be474563c7bc86e4138ba8abb98036c
SHA1

c6ae02b00a8add4d77563247118fceb0a4f94869
SHA256

f8e3f59d1aab56c77fc2cf5c1c99fbcd5ac41e93cc153d5eebdb8991ce07e0fc
SHA512

3bab8eb85d2c3cb9381c125908904566642376fe256873d7fcf37d6d1c446248ba2a3b1ef527599ac725bd428cf6e2917116ca1e468bc978f3e642cfe57784c4
SSDEEP

96:xoEkMV5LnusfmBB4KIERwtU31Le9nO5SKjzq1zkw7vC:R5klc85ljzOzkw7v

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be474563c7bc86e4138ba8abb98036c_JaffaCakes118

Files

2be474563c7bc86e4138ba8abb98036c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

448aa442a65683f658a06597ab2e3989

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetModuleHandleA
ExitProcess
lstrcpyA
GlobalFree
GlobalAlloc
CreateFileA
WriteFile
SetFilePointer
CloseHandle

comdlg32

GetOpenFileNameA

gdi32

CreateFontIndirectA
DeleteObject

shell32

ShellExecuteA

user32

GetMessageA
GetDlgItemTextA
GetDlgItem
LoadCursorA
LoadIconA
PeekMessageA
PostQuitMessage
RegisterClassExA
SendDlgItemMessageA
SendMessageA
EnableWindow
ShowWindow
TranslateMessage
UnregisterClassA
UpdateWindow
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
SetDlgItemTextA
GetSystemMetrics

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE