2c60b1a330238077a813b96efe3db1ea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c60b1a330238077a813b96efe3db1ea_JaffaCakes118
Size

47KB
MD5

2c60b1a330238077a813b96efe3db1ea
SHA1

5e3dbe42f76b4ce0e85a2ed150f2d938c3b9fe43
SHA256

a4ad49e0820c7bb9d155e7f20954aad0f69aa2c3f93d3b68f5d57b962b4a1645
SHA512

a13f14b0bf0bb0a984978072ffb09c22c1dc49c1388b7d077f6acd3ceb0ad983a26d8bf521cec0d74e3a0cc0bae16d6d8c0630aa3fcd7cd1ec5d2b59f481ff9c
SSDEEP

384:WSC65u5rxG6dWH5ttUY6AvwZGNZc7fsQm0taSSEcVQKeKFvQpcoL:WkLuGHaiqnc2KFYpc8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c60b1a330238077a813b96efe3db1ea_JaffaCakes118

Files

2c60b1a330238077a813b96efe3db1ea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2be61e8997e53a2cecb287a541bbab81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GlobalAlloc
WideCharToMultiByte
CreateEventA
GetFileAttributesW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetStdHandle
GetLastError
GetProcAddress
GlobalFree
LoadLibraryA
DeleteTimerQueue
GetModuleHandleA
lstrcatW
CloseHandle
GetVersion
GetCurrentProcessId
lstrcpynA
lstrcpyW
lstrcpyA
ReadFile
WriteFile
RtlUnwind
CompareStringA
CreateToolhelp32Snapshot
Process32First
SetFilePointer
lstrcmpA
UnregisterWaitEx
CreateFileA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

user32

GetWindowRect
DestroyWindow
GetFocus
GetGuiResources
wsprintfA
GetClientRect
SendMessageA
RegisterWindowMessageA
wsprintfW
SetWindowLongA
GetWindowLongA
CreateWindowExA
GetDlgItem
ShowWindow
IsWindow
CreateWindowExW
IsWindowVisible
SetWindowTextA
EnableWindow
CallWindowProcA
SetDlgItemTextA
MessageBoxA

Exports

Exports

avvx
kill
wdmd

Sections

UPX0
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE