4b53db5574df3b55b0784fc12dd34ac9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b53db5574df3b55b0784fc12dd34ac9_JaffaCakes118
Size

128KB
MD5

4b53db5574df3b55b0784fc12dd34ac9
SHA1

90f76fa38ed8a2e6383a91ed54ec740deed7aa52
SHA256

48e7cd2561a667d0f26407e04e20e6c3992d3e02e69f1d2243e7bae672665157
SHA512

88e0952b7396073fee5d8043c861b36c0503077de4283e94794e5907ad1e663445f7ee0e6d9aa6c03b08f6b02d0d5cba9f747e241f0e7bd90eda5033eda7ee3b
SSDEEP

3072:CuaodorPboBh9ipTwpOjtJGtQ3kMb0BuljHJB4d:Cfr3wAtJGK0IljH4d

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b53db5574df3b55b0784fc12dd34ac9_JaffaCakes118

Files

4b53db5574df3b55b0784fc12dd34ac9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

541a4d53f95a916a9e49d3db79dc76d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetSystemDefaultLangID
GetVersionExA
HeapDestroy
HeapCreate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
WinExec
GetFileType
VirtualAlloc
HeapAlloc
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

MessageBoxA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE