5a4bfc4b9f418e78e10ede2bcbe15b65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a4bfc4b9f418e78e10ede2bcbe15b65_JaffaCakes118
Size

434KB
MD5

5a4bfc4b9f418e78e10ede2bcbe15b65
SHA1

7ae7d5734a750fe83a7929dbe10bb02ad3b5f3f0
SHA256

34c6c08897a90bb20e065c9ad57c1c7c680bebc7ac4cedff84875e503abc34c8
SHA512

708a3d9c94a1919dc8306895a89a7c9db2e5a5d6cbc94897f9bec8b1d3314e8038e0dd03dbfeb2624e6cdb1332b1749e127c9f9c0fe9d7d3c9f73916931debfb
SSDEEP

1536:5gGo21TStWrVFvrYyTv1aRhr1qQmEfqhn+0dv5pFYaAbBm1HgYD:5gGo2tSwFDYyxOr19fqhn+25Uf6gYD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a4bfc4b9f418e78e10ede2bcbe15b65_JaffaCakes118

Files

5a4bfc4b9f418e78e10ede2bcbe15b65_JaffaCakes118
.exe windows:1 windows x86 arch:x86

7c31992ab1311a93afcaa70dcc0fe257

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
CopyFileA
RtlUnwind
RtlZeroMemory
WinExec
CreateMutexA
lstrcatA
lstrcpyA
lstrlenA
CreateThread

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA

crtdll

_iob
_itoa
__GetMainArgs
_sleep
_strdup
_strnicmp
atoi
calloc
exit
fclose
fopen
fputc
free
fwrite
gmtime
localeconv
localtime
malloc
memcpy
memmove
memset
pow
raise
rand
signal
srand
strcat
strchr
strcmp
strncmp
strncpy
strstr
strtol
time
wcslen
wctomb

dnsapi

DnsQuery_A
DnsRecordListFree

wininet

InternetGetConnectedState

ws2_32

ioctlsocket
inet_ntoa
inet_addr
htons
socket
connect
closesocket
__WSAFDIsSet
WSAStartup
WSASetLastError
send
select
WSAGetLastError
recv

Sections

UPX0
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE