3b792ebb91cda8e3a26f3a32189cc689_JaffaCakes118 | Triage

Sharing

General

Target

3b792ebb91cda8e3a26f3a32189cc689_JaffaCakes118
Size

247KB
MD5

3b792ebb91cda8e3a26f3a32189cc689
SHA1

fd920cc190aa0a003d6b37ab4c8d594b6e63efaa
SHA256

54a1f9b42021417624c48c597afaabbef7ec054945c9f91a82f6c8175032f7ac
SHA512

51c17cbad8cb963e248a51c08f65b2c2fb4f4a0eb3e45a92937d1b4f363b579789f9a19879c7fb532f39ca5da8316e07fcb0035809806a9ca8742455548df456
SSDEEP

6144:noSkWoIj5mmXZwYmmz/3yTHFb6UZRaNdU+:nto3mJxjz1UZkNdU+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b792ebb91cda8e3a26f3a32189cc689_JaffaCakes118

Files

3b792ebb91cda8e3a26f3a32189cc689_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Install
OffEvent
OnEvent
QueryStartSequence
StartFoo
StartMain
Uninstall

Sections

UPX0
Size: - Virtual size: 380KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE