45faa5133249576f114a6ccb3e52b850_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45faa5133249576f114a6ccb3e52b850_JaffaCakes118
Size

26KB
MD5

45faa5133249576f114a6ccb3e52b850
SHA1

3c2f0b149d9df906c339db357b3202def9c6262c
SHA256

28635fda0c302787c7a1a8e5436d55d25aefd5b86eccc7bc0d056475144c4269
SHA512

c07c7a856dc667a418e7cdcee2429b6b770939337c2e41b37732233d644be897b201a093ae59eb8b21ae219f744fb2e72b308fbb6867924af432e3ddd5586dcb
SSDEEP

192:HwGoxqSz/8VahTYdV1oW04q38+MlA80tSpVKnV09KvGBnVTWlS+pHi2dsa86KECy:LoxgCTeoWPG9vs/KV6KvKVTeHm6JC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45faa5133249576f114a6ccb3e52b850_JaffaCakes118

Files

45faa5133249576f114a6ccb3e52b850_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

517ace0bba4d66fe8c6e15fe8207457e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetSystemDirectoryW
lstrlenW
GetProcAddress
MultiByteToWideChar
GetVersionExA
lstrlenA
GetCurrentThreadId
ResetEvent
GetProcessHeap
GetModuleHandleA
FreeLibrary
lstrcatA
lstrcpyA
LoadLibraryA
CompareStringW
RtlUnwind

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

user32

wsprintfW
CharLowerA
GetTopWindow
IsWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE