69b0827988aedbbe5617155f89f3acb0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69b0827988aedbbe5617155f89f3acb0_JaffaCakes118
Size

21KB
MD5

69b0827988aedbbe5617155f89f3acb0
SHA1

317744608bb09c701bc8f870876ead871ec307ec
SHA256

f18a736e1d9cd7031cd52a83869b4a248bb317003bd08b804e68eeccd27f3192
SHA512

231a6b763163738abbffbe0011a1a6f30032823435c4d500a828c5e45804f949a6875ed38e79650c14f3e838535a3d6eb5d15cb7b53f72e2815c9e9cb73d9a54
SSDEEP

96:yNm9c/X+I9o+ho4XwSUSXsTajKpNGWKdt5tkC6aGIrUSC:yNmOOI9o+ho4bUSwa+udDKC6aGIrUS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69b0827988aedbbe5617155f89f3acb0_JaffaCakes118

Files

69b0827988aedbbe5617155f89f3acb0_JaffaCakes118
.exe windows:1 windows x86 arch:x86

0d43137f9fa5ed4b982fa7761a2bfc2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
FreeLibrary
GetFileAttributesA
GetLastError
GetModuleFileNameA
CloseHandle
GetProcAddress
CopyFileA
LoadLibraryA
CreateFileA
RtlUnwind
WriteFile

advapi32

RegOpenKeyExA
RegQueryValueExA

crtdll

__GetMainArgs
_sleep
exit
fclose
feof
fgets
fopen
printf
raise
signal
strcat
strncpy

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE