61ac0e4295591ee8ab70ce0f098b6768_JaffaCakes118 | Triage

Sharing

General

Target

61ac0e4295591ee8ab70ce0f098b6768_JaffaCakes118
Size

18KB
MD5

61ac0e4295591ee8ab70ce0f098b6768
SHA1

472e66ec692807cea40d0e33ddc1dcb38d1f3fd0
SHA256

c3531ac80d345a4c92f7ab4ee5f04ee8f19fb92cef2b5ee501ee0077a69ac8d8
SHA512

be66ac7bbe2fb1619aa56bac4b906e373da78d90e8c8c4c84fa112792e3cdd185be3c79b5b834643723f4f4e0a8b182b529e6ced7569f15580988c0d7af51cae
SSDEEP

96:/mVuUb/lzPXBF8aMQzK6U7SiAldWHgBKX0ncHv9HmnObah+h:/mXJXMQ1u/ZFGnOWh+h

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ac0e4295591ee8ab70ce0f098b6768_JaffaCakes118

Files

61ac0e4295591ee8ab70ce0f098b6768_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ff5d9445a27501327c6dc19e0e0fc558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetCommandLineA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
CloseHandle
GetTempPathA
GetVersionExA
GetWindowsDirectoryA
LoadLibraryA
OpenProcess
Process32First
Process32Next
ReadFile
RtlUnwind
CreateFileA
SetFilePointer
Sleep
TerminateProcess
Thread32First
Thread32Next
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
CreateRemoteThread
CreateToolhelp32Snapshot

advapi32

RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

crtdll

_getpid
_itoa
__GetMainArgs
exit
free
malloc
memset
raise
signal
strchr

shell32

ShellExecuteExA
ShellExecuteA

user32

MessageBoxA
CharLowerA

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE