5e3abfccf0fc36b75af107252945097c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e3abfccf0fc36b75af107252945097c_JaffaCakes118
Size

252KB
MD5

5e3abfccf0fc36b75af107252945097c
SHA1

8241671991ae8ec84a6bed355f38b1dd5ef4a875
SHA256

4ab0b394ed0092ba91979366425decaa29bb10ea232bc6a47613d7d96196a0f5
SHA512

9c945edb62601ec7f5fb4ab35c58af0fbbd959e0880aeb31905fd64adf5c6bf03b927e33a77dad099f0fd3cd143e041bd983b99f01fee4325d5d332a5d0a1370
SSDEEP

6144:IREwqUE0DFNOuKMikLgszkdCeUtxCECUspEMnLEC:ILpDvOuKS8szRxXUEMLEC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e3abfccf0fc36b75af107252945097c_JaffaCakes118

Files

5e3abfccf0fc36b75af107252945097c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8dh4fwyt
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

w4sytd8u
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ojv0ciku
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ