2ebb02d5e9189da697cf7723c4b85d01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ebb02d5e9189da697cf7723c4b85d01_JaffaCakes118
Size

33KB
MD5

2ebb02d5e9189da697cf7723c4b85d01
SHA1

5731edc0bc0d233aeee8d457a5ab0fde586686db
SHA256

157b1e3938590d85e57534d1c4621f8da44e03ad2749460766fecd868a4d78f7
SHA512

675c02ad55b1385f4a72c6d137b396c2dfb1f17042b90ce557d8f875b72156a0655453a37405be6e806a5db0c33cb95c20e5c3df7870466949ad2a2edfab584e
SSDEEP

768:c/pb3Ebz9Ll1/2F4daJ2I/0WFDQuSGX6ON8TsCBj/:c/pbeLHDaJ9sqDQuBX6O2Ts

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ebb02d5e9189da697cf7723c4b85d01_JaffaCakes118

Files

2ebb02d5e9189da697cf7723c4b85d01_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1602aaf65cb37110cce4c7f4e84680e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DrawTextA
DrawIcon
DrawCaption
DispatchMessageA
DialogBoxParamA
DestroyWindow
DestroyMenu
CreatePopupMenu
CreateMenu
CreateIcon
CreateDesktopW
CopyRect
CopyImage
CharPrevA
CharLowerA

kernel32

ExitThread
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
VirtualFree
TlsSetValue
SetCurrentDirectoryA
RtlUnwind
ReadFile
RaiseException
GetModuleHandleA
GetLocalTime
GetFileSize
GetDateFormatA
FlushFileBuffers
EnumResourceLanguagesW
FindResourceA

Exports

Exports

Activate
DllCanUnloadNow
DllGetClassObject
HookProc
Logoff
Logon
getProc

Sections

.text
Size: 15KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ