358083d941f1393e34d752aeb34628f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

358083d941f1393e34d752aeb34628f2_JaffaCakes118
Size

216KB
MD5

358083d941f1393e34d752aeb34628f2
SHA1

57f1d47f71159e1c491755fb1026bac320cfb947
SHA256

a96109eb11d2289a60a4fe8b7b7a62a623dacfe3fe2e6b22ee4d6e4d4b18bd59
SHA512

553c8efeea38a208c32404d7b8fabdf5e69196eca055930e82c0030677aa5388092e6aaa56178180808400d6b69d97b6e8992e616a4e3629d442abcfa4453af5
SSDEEP

6144:FFNsveQRK66nlu+9isxROBO8oiF/vc4DWV/b5e:FEvewK6Yd9iCROBOsF/vJ0M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
358083d941f1393e34d752aeb34628f2_JaffaCakes118

Files

358083d941f1393e34d752aeb34628f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de39dc68941cc6307e3b2590c857a907

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA

user32

wsprintfA

advapi32

RegCloseKey

ole32

OleRun

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 140KB - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aDATA
Size: 68KB - Virtual size: 114KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE