3026787e5bbb2caaf7c64c0f5bd5ea0b_JaffaCakes118 | Triage

Sharing

General

Target

3026787e5bbb2caaf7c64c0f5bd5ea0b_JaffaCakes118
Size

340KB
MD5

3026787e5bbb2caaf7c64c0f5bd5ea0b
SHA1

c7a03a91b54339dd80e0737b26d920aef3e0b497
SHA256

970d61b2755e9fab7d8643959553fbe3621f67231a3068a2f8c220952e4aed64
SHA512

4d528996d58b4760d48594023ba7c6eada8b5d1dcdc6ec888084595585d96c37505813af51d9351df89bb7f8b8cf4f059751e8fa95539ab52c470e5a23c12fa6
SSDEEP

6144:NC5k6d7jUMT0aqujzPDKSM179a6SOE13NnE9K/9LhBhi7d4p:Q5km7jUMTRT3M1UX13lPLh+Jw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3026787e5bbb2caaf7c64c0f5bd5ea0b_JaffaCakes118

Files

3026787e5bbb2caaf7c64c0f5bd5ea0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8c5fe4c4639e156f0c3d3e317c9cfd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetExitCodeProcess
GetThreadLocale
GetUserDefaultLCID
CreateFileA
GetFileSize
WriteFile
OpenEventA
CreateNamedPipeA
DuplicateHandle
FreeLibrary
GetEnvironmentVariableA

Sections

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 280KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX!
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX!
Size: 4KB - Virtual size: 1KB