309659532f55458bc2f9ed8ee6133bb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

309659532f55458bc2f9ed8ee6133bb4_JaffaCakes118
Size

22KB
MD5

309659532f55458bc2f9ed8ee6133bb4
SHA1

efc1b4293be8d52f699e007edf94dec7557e2758
SHA256

32dd6d8ec7c0c7b1dcd5561b88104cd50fe75181a5dffdd5966971a501f211dc
SHA512

ff54a74d88a76b9379a7eb57514769aabf38a27ebe350eee6a253a43b3494cc10b2d4f20053d1260c45ef85b57ef6ecc420fc8947cdbd1745d529404a8281381
SSDEEP

384:xaaUGGhs6ITkk4wnuGppook/1xmld+771SKqgDbqmclnATyyIe1hJqYd2rhK:x/UGGhbbz1TD0t0yo4YErhK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309659532f55458bc2f9ed8ee6133bb4_JaffaCakes118

Files

309659532f55458bc2f9ed8ee6133bb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17fb54fcad6211eb64365ea7ac4e8edb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
OpenProcess
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryA
VirtualAlloc
MoveFileW
GetEnvironmentVariableW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
DuplicateHandle
TerminateProcess
WaitForSingleObject
DeleteFileW
GetCurrentProcess
CloseHandle
GetWindowsDirectoryW
GetVersionExA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetStringTypeW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

GetWindowThreadProcessId
PostMessageA
EnumWindows

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE