9521ed86f41f8d0be42cfa708f948bc3_JaffaCakes118 | Triage

Sharing

General

Target

9521ed86f41f8d0be42cfa708f948bc3_JaffaCakes118
Size

66KB
MD5

9521ed86f41f8d0be42cfa708f948bc3
SHA1

421014a09c877b84b99b4d65b1c57e62fc34cdec
SHA256

d7f36135d46c7e6d524be5560593835d0a5cb71c5616e512b6948f5d376f34b0
SHA512

351cda80849222a5523d5d433859f406a477311975584563fbbed59b2c308d3d092246ad2ca8914716d8bfde89cac9501be8e1d92417be6d62b4c2c570062fd6
SSDEEP

1536:OCUBsCkKNP+xRLDLdQ7YKEFRgBz9nY5gGdcMqu:OCUBsGPWLm7YKETgBzq5gkl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9521ed86f41f8d0be42cfa708f948bc3_JaffaCakes118

Files

9521ed86f41f8d0be42cfa708f948bc3_JaffaCakes118
.exe windows:1 windows x86 arch:x86

6c3ddae3166c31d817ff94232e7de9ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
EnumResourceTypesA
ExitProcess
FindResourceA
GetProcAddress
IsDebuggerPresent
LoadLibraryA
LoadResource
LockResource
SizeofResource
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptHashData

Sections

.UPX0
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ