45398af21fe508789da162d5df045d24_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45398af21fe508789da162d5df045d24_JaffaCakes118
Size

50KB
MD5

45398af21fe508789da162d5df045d24
SHA1

5287fac6ee241f29772872032256178808faad16
SHA256

6639732e0a3c4cac7563a8c2102b18e0c414b9f6e4e8ed776fbf4bb42b26b72a
SHA512

319bd09737d63488cde219f0aafc5186bd6962577cce5a909bdb0bf900f18194d6a23540be6e50a5946a80c6e79c390051fbb6d909076322c317cd151e582a27
SSDEEP

768:zG2voXyIMummecW96FwAt4Dj+q0YOIjMFpx1:zEXBMuWcG6fAdlOcipH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45398af21fe508789da162d5df045d24_JaffaCakes118

Files

45398af21fe508789da162d5df045d24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c85d0e36ec4f93486d07c0349adade51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
WriteFile
Sleep
SizeofResource
MoveFileExA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
ExitProcess
FindResourceA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
LoadResource
LockResource

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

StrStrA
ShellExecuteA
SHGetSpecialFolderPathA

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.packet
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE