5aacbe7a2564d9c572449af40bc36bc0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aacbe7a2564d9c572449af40bc36bc0_JaffaCakes118
Size

16KB
MD5

5aacbe7a2564d9c572449af40bc36bc0
SHA1

e7425f854be0a99bd8896323c928e6b9e6c0207f
SHA256

5dfc6f8fb2e48eb550ebc7b1812ec1b7f94a0d4a8d566794a423bb5418d10822
SHA512

f3fefd45abb1c911ce0923c9306d911cac0040b52a84183bd6197312d130b982fbb1ceb50814f2e4afe11e6ce3c4e8a5a99f310ab5d904e878584fbad0d76fa2
SSDEEP

384:8xZILPagxoF3qnm5SlCcP6oB3TPuxb59IBN:8xZILPagxoF3s7QoB3Ed9IP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aacbe7a2564d9c572449af40bc36bc0_JaffaCakes118

Files

5aacbe7a2564d9c572449af40bc36bc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

59893cc2c8fcede9aaa38652066cf81a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
DispatchMessageA
GetMessageA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
DialogBoxParamA
PostQuitMessage
EndDialog

comctl32

InitCommonControlsEx

kernel32

GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
ExitProcess
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetCommandLineA
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetConsoleCtrlHandler
VirtualAlloc
VirtualQuery

Sections

UPX1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE