317d6730bbc77d0100ea71b7f2c9eb58_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

317d6730bbc77d0100ea71b7f2c9eb58_JaffaCakes118
Size

1.6MB
MD5

317d6730bbc77d0100ea71b7f2c9eb58
SHA1

b1cc7d54de58580dabfe3ca44b86e97853fb89d9
SHA256

d5667a437ac22171c44421b6f4f974f48f2bcf3808c2cce936f03816ba4523f4
SHA512

56294f2708f0d0a3b198677127d67038145174493a82706506ab9070f162616b50b9fb078edd1ac9be430a401f764e5f0cf49b789f9fbb0ec5283ce1e4cfa8e3
SSDEEP

49152:7lbE1T9iSdJwQ2qY1kkUtXma1S8ygmXvuo:7lbEB5d79Fk4XmaM8rmmo

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317d6730bbc77d0100ea71b7f2c9eb58_JaffaCakes118

Files

317d6730bbc77d0100ea71b7f2c9eb58_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 337KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE