84ecfcd2ee021fe5a6d5f08b9802c287_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84ecfcd2ee021fe5a6d5f08b9802c287_JaffaCakes118
Size

340KB
MD5

84ecfcd2ee021fe5a6d5f08b9802c287
SHA1

375ef2e8efe60cc8efcf05128a36f634dba3511c
SHA256

962ec2a07c95e5cd2c02e97694bb24d4d3392c0084f16746e1cd1999ff3d4578
SHA512

767cca4fa08cabe46c617331d64e8ac3c87a2bfb67a6236ad7879aa49f91da6960ec72cdd4b23a26c6cc87eaf3b3d24228f595f04698aaf3ef33c0c5c49c9fc1
SSDEEP

6144:yMEDTrfuWjQkeyMSEyw3lSTg0wrGHlrcOMYjgnSrRzpBGMWzxlC6wOySGYYNbbY:yMEDT8YEWg0waF3NgSr5pYFv7G7Ng

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84ecfcd2ee021fe5a6d5f08b9802c287_JaffaCakes118

Files

84ecfcd2ee021fe5a6d5f08b9802c287_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c2640157896326608f41c61d04d92a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
GetProcAddress
GetProcessHeap
GetCurrentThreadId
IsValidLocale
GetExitCodeThread
DeleteAtom
CreateFileA
GetFileSize
WriteFile
GetModuleFileNameA
GetEnvironmentVariableA

Sections

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX!
Size: 272KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE