3889341fd2678368a4d48c8731cfc048_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3889341fd2678368a4d48c8731cfc048_JaffaCakes118
Size

18KB
MD5

3889341fd2678368a4d48c8731cfc048
SHA1

69f68dff49c29a37a50cf75747f78bde894b5c75
SHA256

1691aa9ca8f72c190cc8b5590703d3f87e9ed41d7588c0ad8d814133447f6cbc
SHA512

da35d2d1df7f8188b47ec46334b8a1b198dac8498b2c4bc47164ecfcd22ba9cbf5b8c79981530e7c87870785048be2708d32c2cfb79404a5952ec433c00f9a5e
SSDEEP

192:uz6FwUH8+gik7mXOMGWHM8Kj3T6kx9o7uAKqsJ6/c7pHQ4w:BwUHzg3RMHKLiu4/c7RO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3889341fd2678368a4d48c8731cfc048_JaffaCakes118

Files

3889341fd2678368a4d48c8731cfc048_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e74182ed236b99955dc172e5440d503e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
InterlockedExchange
RtlUnwind
DeleteFileA
lstrcpyA
lstrcatA
GetCurrentProcess
SetEvent
FreeLibrary
GetModuleHandleW
GetProcAddress
VirtualQuery
CloseHandle
ExitProcess
GetModuleHandleA
CompareStringA
Process32First
CreateToolhelp32Snapshot
WriteFile
CreateFileA
GetFileAttributesA
GetTempPathA

advapi32

RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA

user32

MessageBoxA
ExitWindowsEx
GetTopWindow
CharToOemA
wsprintfA

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE