5c9e045cbe6343e0b1e952963404b032_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c9e045cbe6343e0b1e952963404b032_JaffaCakes118
Size

184KB
MD5

5c9e045cbe6343e0b1e952963404b032
SHA1

86d9f76f424b77d12919444fc855f092406a7a38
SHA256

7e2abd968e185d2ed78b6e446a8d33559c43e7d3c0879e0403f67b5102aebb0d
SHA512

831df4a0d14e88259b75cea08e80c6ff0fa0039a678f90eb2f0bb28d5510d4cc710cfa503e68e6d4e4a53f390bb500d6775df9d1d418db4e23bd0a202275040d
SSDEEP

3072:1lk8N0PWWhDeMgHsbNk5sWmDyholVLwx/fWEfTrufTH9:08KhDIHuO69EA9wxX5fTru

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c9e045cbe6343e0b1e952963404b032_JaffaCakes118

Files

5c9e045cbe6343e0b1e952963404b032_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE