3a9caff84c3d2faa16f109540fae1840_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a9caff84c3d2faa16f109540fae1840_JaffaCakes118
Size

150KB
MD5

3a9caff84c3d2faa16f109540fae1840
SHA1

4ff72b02b68d08ca907348251bdf8a84902c8d50
SHA256

5d3aae3fe7417cea28c2e3032b01bb876b9002b543dfd4035b0861fd55078302
SHA512

817630ea2b8ee21653daaa8f27a8db77a018e811930000161974196e52a928f5e30e9aa8d457dd5db9a19ffacdf8a0372610cd68c0b53a3ae1108998c4b749ee
SSDEEP

3072:ac3EEHs6Yc9PisKS79Q8F/+rFOoCQj8JTRSUkBrgFO:533MMipS7e8N+rsoOJNqrgFO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a9caff84c3d2faa16f109540fae1840_JaffaCakes118

Files

3a9caff84c3d2faa16f109540fae1840_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a64ee764367f47bfe75a9e2aa9bf9559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdtcexe.pdb

Imports

kernel32

GetCommandLineW
GetModuleHandleA
GetStartupInfoW

msvcrt

??2@YAPAXI@Z
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstok
wcslen
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
wcscpy
??3@YAXPAX@Z
_initterm

msdtctm

ord4

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE