4bcfd63b0191776c8d952b2413e84d41_JaffaCakes118 | Triage

Sharing

General

Target

4bcfd63b0191776c8d952b2413e84d41_JaffaCakes118
Size

327KB
MD5

4bcfd63b0191776c8d952b2413e84d41
SHA1

4a677238f17d36c1ecd90a81f0af790357fe5093
SHA256

5b4c552b02062777a5b2dc58596643ee9efadeb4e03ebc8e6d682f5fa8503ee2
SHA512

d682bed10d48ca33b096053b20016a8bfd2492dcccb79b3a56a7ef04d780df55773812e9e024a567d35296ad02285175b537166186ecffc48938f79ca62df031
SSDEEP

6144:X3ADubjjO7BO/KcgEM91642Z09J1AU8RpQfseqADSnL3UC:XJbH9MS7C1Up6sSSY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bcfd63b0191776c8d952b2413e84d41_JaffaCakes118

Files

4bcfd63b0191776c8d952b2413e84d41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e6a087972fef54f9fa6a0ffc7abb4ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DAD_DragLeave
StrStrIA
DuplicateIcon

msvcrt

_mbccpy
_mbctombb
_mbsdec
_pctype
_snprintf
_snwprintf

kernel32

CompareFileTime
CopyFileW
CreateThread
DefineDosDeviceW
EnumResourceTypesW
GetCommConfig
GetConsoleWindow
GetDateFormatW

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE