702696dfb0ff6896c5ac0c3b8585e1c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

702696dfb0ff6896c5ac0c3b8585e1c3_JaffaCakes118
Size

76KB
MD5

702696dfb0ff6896c5ac0c3b8585e1c3
SHA1

25681b9590e815db204361f39401cbf25d295d00
SHA256

423d8072c722c12b1a4e8069b5db15cfe5899b415a4e120ee928ad37deafac3f
SHA512

350a66fa6bab446fa136d7a1e59b1c4a2d3f16e2e6b25528ced67a977b37927189b09ee13df3aa7cbc1fbc1a956821e2b815d555f5fb64b65163107961fb8c36
SSDEEP

1536:5c3P1VZxbbhMQLP7tA09BIZU3+skcYjwgLYfTSNi6+7OQEPz:G3Ntbb+Qz7q2uskNjqfTSNi5rEPz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
702696dfb0ff6896c5ac0c3b8585e1c3_JaffaCakes118

Files

702696dfb0ff6896c5ac0c3b8585e1c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qj03cgeg
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wbybwl6h
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eg12gdz2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ