428aac5495bacf2f2b68cc5742983325_JaffaCakes118 | Triage

Sharing

General

Target

428aac5495bacf2f2b68cc5742983325_JaffaCakes118
Size

88KB
MD5

428aac5495bacf2f2b68cc5742983325
SHA1

be5902c0f6893cbc903eb823a005e21c6acff0d9
SHA256

571e2411490737cd7c268688cb86e5fc70bc291d0498f341fcaad2429994ebb9
SHA512

393294ff5cae212664caa0769f27917b5c9279593d9c4ab2f65ec9c58a898381b20115f497520023ee8a2042414b7cc1e8ce939d0aafa44e31f03d6a4015eb19
SSDEEP

768:fOWIG1ivhP8xebxio6LwDKPbSjZCIdG2pTzRb16ZOqPaRTQRk0opEAuRKWdbjre6:2Wj1gQm67bSlxD0oW9KMbjr5kRa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
428aac5495bacf2f2b68cc5742983325_JaffaCakes118

Files

428aac5495bacf2f2b68cc5742983325_JaffaCakes118
.exe windows:4 windows x86 arch:x86

48c9e7151a29f68494e3c45fd6e2b479

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
CloseHandle
WriteFile
GetSystemTime
CreateFileA
GetProcAddress
LoadLibraryA
Sleep
GetTempPathA
WinExec
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
CreateMutexA
OpenMutexA

msvcrt

sprintf
rand

shell32

StrStrIA

Sections

UPX0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE