89e9eec7a8423294f5f878236090558c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89e9eec7a8423294f5f878236090558c_JaffaCakes118
Size

21KB
MD5

89e9eec7a8423294f5f878236090558c
SHA1

821b56932698f9b79c0df357c7cfa443398aa3e0
SHA256

ba343845cd66dfbbd4a7a7f8c10b65bcb90be839a65cf8bc7bf32823fda5d0d3
SHA512

96116912c392055055e59accd1081b876877fd2d1fb2a892b8f27dcb6c5e9e2e2e042138c78f5b654ea5da339ff1c20c2ea9aea3bea3309e31677e6ff5250c36
SSDEEP

96:nPoSl3oaXkAAkeIlUZcampm6hz5FRcuFlbIQ9zcX3pmmvL5FRcuFlDN5/TZNWMoi:ngNIkAB3hFSkmhFlgTKUTVIC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89e9eec7a8423294f5f878236090558c_JaffaCakes118

Files

89e9eec7a8423294f5f878236090558c_JaffaCakes118
.exe windows:1 windows x86 arch:x86

b18eebb37119144598df4cf1d7d161dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CopyFileA
MapViewOfFile
GetWindowsDirectoryA
GetModuleFileNameA
CloseHandle
SetCurrentDirectoryA
CreateFileMappingA
ExitProcess
FreeLibrary
CreateFileA
GetProcAddress
GetFileSize
GetCurrentDirectoryA
UnmapViewOfFile
GlobalAlloc
GlobalFree
LoadLibraryA

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

user32

MessageBoxA

wsock32

socket
recv
send
gethostbyname
connect
closesocket
WSAStartup
WSACleanup
htons

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE