89eeebc8acd465f577673e5e9acf41ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89eeebc8acd465f577673e5e9acf41ce_JaffaCakes118
Size

150KB
MD5

89eeebc8acd465f577673e5e9acf41ce
SHA1

6bddc4e9bbecee7f27a25b7c637f05c76e461e8d
SHA256

1826798b5e0da01b381de511d56b39136e88e8a0d9a1722eefdbad84d34ba48d
SHA512

9502d0f4b0740311aaf78726726e3a04b48daba80e8d5a438c6e49c91eb04f03f1675ee99634b4bdcf76857ca0862582f03065ebb197d5cf43eb43facc3a3297
SSDEEP

3072:pk/xy/LFjsqhGZMbyb78QQ0Lq9ieEpBqJrR/z/cf82BAjJYW:d2nMmPQ0Lcm4thT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89eeebc8acd465f577673e5e9acf41ce_JaffaCakes118

Files

89eeebc8acd465f577673e5e9acf41ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a64ee764367f47bfe75a9e2aa9bf9559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdtcexe.pdb

Imports

kernel32

GetCommandLineW
GetModuleHandleA
GetStartupInfoW

msvcrt

??2@YAPAXI@Z
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstok
wcslen
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
wcscpy
??3@YAXPAX@Z
_initterm

msdtctm

ord4

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE