2e6dfb3f7a097e6851889c850b62fab7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e6dfb3f7a097e6851889c850b62fab7_JaffaCakes118
Size

83KB
MD5

2e6dfb3f7a097e6851889c850b62fab7
SHA1

764c6ac37069bddf8fed42fb908b3579cbd53909
SHA256

0f2e9be388c50402f41e6b6fd419b4f36fa0ccd310f0dd18d5a1b27353f6a96f
SHA512

814d445d70a89a356ba7c685dd985c64c048dd49cdbc165b2c5bd01153a1c49781e197d493226701d3ddd37a6c513d7e81f9f3906528fb9b3e74e350ac59055f
SSDEEP

1536:64vf6PhmRqtHhdkMMn/T8y7tC5stqS2G8GH:64KpmRqtHI97twstq8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e6dfb3f7a097e6851889c850b62fab7_JaffaCakes118

Files

2e6dfb3f7a097e6851889c850b62fab7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

549adfd8106b5166af4e7e83f2489b5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

UPX0
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE