713e9850736e98b4dec16c26887de57b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

713e9850736e98b4dec16c26887de57b_JaffaCakes118
Size

32KB
MD5

713e9850736e98b4dec16c26887de57b
SHA1

558f27b4974e4f6431a97517b3fe1dd1240ebae1
SHA256

4f90ab07cc58f62ee6b7a303666f2782e21897d5d3284c5ea3e8a566dca880bd
SHA512

7338006dcab8337469394ac76583ffbc56996b69e1896308929cb9014bf8ab13246eee60bc52d59d67a6aa9445de987e8586c649617e6069bb4e51502804764c
SSDEEP

768:iIl9ZkDSkI2RR5tckozRcdePtAxYTRTpfir:HaS32RRpdeEYFF6r

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
713e9850736e98b4dec16c26887de57b_JaffaCakes118

Files

713e9850736e98b4dec16c26887de57b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e7163cbb8220d303acb31f22cb8306f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CopySid

kernel32

CloseConsoleHandle

user32

CreateCursor

gdi32

CancelDC

ws2_32

inet_addr

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE