9634d4bed58a3a5f421cba174dc4ab1c_JaffaCakes118 | Triage

Sharing

General

Target

9634d4bed58a3a5f421cba174dc4ab1c_JaffaCakes118
Size

645KB
MD5

9634d4bed58a3a5f421cba174dc4ab1c
SHA1

796dd82b0e19782f1b2e797e94a5a285f63f0255
SHA256

c8d461224d4f556023180aece6a3bb1d51d62c9f108b78db5c98801538080ba3
SHA512

b3b8bb33080f60514d725150b11ace024c40c942fa2ed8ce49546edc7c1554ed869a418bc012abbbb70d1241c56c9e5296b86b4aa2665c56394e6782658ce858
SSDEEP

12288:MwpHwhDYnWPu2Ek6gxRNgifsQffUBJK7HCdA8K79HLq6XhMj8ofG0erj617o:qhD3PwgVmdAzbXadfGeU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9634d4bed58a3a5f421cba174dc4ab1c_JaffaCakes118

Files

9634d4bed58a3a5f421cba174dc4ab1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de39dc68941cc6307e3b2590c857a907

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA

user32

wsprintfA

advapi32

RegCloseKey

ole32

OleRun

Sections

UPX0
Size: - Virtual size: 828KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 522KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 68KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE