893f3fcd1f181b85d5ff25c61b66279c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

893f3fcd1f181b85d5ff25c61b66279c_JaffaCakes118
Size

863KB
MD5

893f3fcd1f181b85d5ff25c61b66279c
SHA1

15c3c4f97057197df4a678c486842908e5e95771
SHA256

24046b8dd88f640760d80cdc43b097b8ae1782e6cee6ae904b56554481947310
SHA512

c7678c268ec3352f90a887777d5ed36e230b1b7f12012864e23300937975fddf47611172d5aa16755df272100e9d92c6b3db454fe91fa94632d770aff000a59a
SSDEEP

24576:/9g+ZDJzLYp0yOCaqxsw0u4uZu622trcNdnUwdfgt9P1:ZpEp5txDZ4uBJadU5f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
893f3fcd1f181b85d5ff25c61b66279c_JaffaCakes118

Files

893f3fcd1f181b85d5ff25c61b66279c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bb8bd37dfea4334f04777f34b4a97003

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

LoadIconA

advapi32

CryptHashData

shell32

ShellExecuteA

wininet

InternetOpenA

psapi

EnumProcesses

Sections

.UPX3.07
Size: 819KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX3.07
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE