3786d623a8fbeb5c049fc6c54e2e625c_JaffaCakes118 | Triage

Sharing

General

Target

3786d623a8fbeb5c049fc6c54e2e625c_JaffaCakes118
Size

14KB
MD5

3786d623a8fbeb5c049fc6c54e2e625c
SHA1

5a4dd6fe305a232a45f041b5b447f5a192ab58aa
SHA256

d90d17cbd3eece8635091fc4ec318f6b8d7fd2b8b4d279cb0d497517ed51dca8
SHA512

2441a3510d958d5d4847cc71963bd1ad2068d0b797829cf77969636b82e8f65a1d841e3bb5249367c766fb79d0ffe494e6cb35ea79656b739ee65b9251f3e200
SSDEEP

96:KP4XOQzeZ0h918y7h9jnxGu0zsyM3teCXXZdzLNaoxFcVyOTJocu5+5HMD+Az:KgfVnxGayG7HzLncVFTuw5HMD+Az

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3786d623a8fbeb5c049fc6c54e2e625c_JaffaCakes118

Files

3786d623a8fbeb5c049fc6c54e2e625c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4913d64870585ce01555a0dd4d18b85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
lstrcpyA
lstrcatA
CreateEventA
WaitForSingleObject
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
Sleep
ExitProcess
GetModuleHandleA
GetCommandLineA
SetEvent
CreateThread
GetProcAddress
ExitThread
CreateProcessA
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
InterlockedExchange
VirtualQuery
WinExec

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

DestroyWindow
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
TranslateMessage
CreateWindowExA
BeginPaint
ReleaseDC
ShowWindow
AnyPopup

Sections

UPX0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE