417e1419b3182593346f3a0e49516bc9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

417e1419b3182593346f3a0e49516bc9_JaffaCakes118
Size

40KB
MD5

417e1419b3182593346f3a0e49516bc9
SHA1

8078a81ab3d230485d04636e2aa5ae1acaaee8e2
SHA256

8f21b6d5196e6856bd8e17e19fecb3590b8005e2e7e579c3751eb76cce22bb51
SHA512

77337f404f77f9248cb9f2508d5792022ab3323e2270742750da8a10772ae37daa1fce478e4a8fd9db0f90547646684477b4b7e87ed820c253aaeeb2982ce628
SSDEEP

384:lAdEKkk6yPGLHdXm+zYuL0+STmNCffpDmeE5loUR:lFKkk6jpX3vSiMRweUR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
417e1419b3182593346f3a0e49516bc9_JaffaCakes118

Files

417e1419b3182593346f3a0e49516bc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f048f2eb54f91d24205d0911ce9ec1ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
FindClose
FindNextFileA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
GetWindowsDirectoryA
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE