4327ff98a81c2b3720600e28a8eabb16_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4327ff98a81c2b3720600e28a8eabb16_JaffaCakes118
Size

26KB
MD5

4327ff98a81c2b3720600e28a8eabb16
SHA1

4ddc26d35910c0809821dc650a6ee9321df17cf7
SHA256

3fb97b3e2cbf6f2385df073acaab24a81d7ad824886f48b961078ccd7c396c62
SHA512

1073f1b26a6415d54057c99cd7b06b8bd2dcb07f3f44fb52a957101341ed6dd3b34b66d08aba561ce67124e3fcc889e40a6aadfc1501ddcf5c33ee6aae72ea25
SSDEEP

192:QijEQPkNPaZCHPAC1GI8eJeQ+MkoTuTte1rV09KvGBn2TuVS+83j2ds897jCy:ZFCzJ9zJTu8hV6KvK2Tf3C7jC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4327ff98a81c2b3720600e28a8eabb16_JaffaCakes118

Files

4327ff98a81c2b3720600e28a8eabb16_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ee7f67f9630fa085dda69a6cdf55dd19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
CloseHandle
GetFileAttributesA
GetVersionExA
GetProcessHeap
lstrcatA
lstrcpyA
LoadLibraryA
CompareStringW
RtlUnwind

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

user32

wsprintfW
CharLowerA
EndPaint
DestroyWindow
IsWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE