422f1ba2814f3fab05353ad1c7edd708_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

422f1ba2814f3fab05353ad1c7edd708_JaffaCakes118
Size

132KB
MD5

422f1ba2814f3fab05353ad1c7edd708
SHA1

b824f5de14270c72951ff6b3039d6e6b5fc21e1f
SHA256

296cb181da9b03cab0187ba1d2cd0836b0a8f093c152b18315195f5ee667fee5
SHA512

32b7dc0f35049ed8dd6b02a87ed2ff5bbd094983a84cca620cd613a87ddc1c9781a265623353ba8f779b15a16f23ef9758b0b2fdbf02c359342e3fd205eca114
SSDEEP

3072:YOo425Nz3hHqGhGVz+rEMSQJBWIMSC/emc8HACjg5:BSMGhuirTJwGYc8HACc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
422f1ba2814f3fab05353ad1c7edd708_JaffaCakes118

Files

422f1ba2814f3fab05353ad1c7edd708_JaffaCakes118
.exe windows:5 windows x86 arch:x86

46084168b412e051097ae39c055c9320

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

Sections

.text
Size: 24KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE