3a9f841807f9393065dbeba2972f5410_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a9f841807f9393065dbeba2972f5410_JaffaCakes118
Size

995KB
MD5

3a9f841807f9393065dbeba2972f5410
SHA1

d7d6b05cb2729c4dbfa047dd3a12cfd9fb3117e7
SHA256

56754929a300a30f92f3c7317943d94314bdcc660b4407227a5e163fde92e561
SHA512

93ec643e6f6ed466cd10dc0317314f9fc6307db74bc0ee010aa9118c4a24f487dfc7e5013ff377def75af87e54ddb78fbc18d215264d03e6aa79835137225e9d
SSDEEP

6144:WfTopDsndBMzvSvl72WO5+i+r61p5E5555555555555555555555555LyvjzocyP:W89KdBMzvSN7nOki+G3vei0rJmZ9YI6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a9f841807f9393065dbeba2972f5410_JaffaCakes118

Files

3a9f841807f9393065dbeba2972f5410_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0e3179ed624b8fa0abf80176ed5577f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CreateSemaphoreA
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filbuf
_flsbuf
_iob
_isctype
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
abort
atexit
fclose
fflush
fopen
fread
free
fseek
ftell
fwrite
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
ungetc
_fdopen
_lseek
_read
_strdup
_write

shell32

SHGetFolderPathA
ShellExecuteExA

Sections

UPX0
Size: 992KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE