a17a69a624cf9582bfaef2ec3dfeb4e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a17a69a624cf9582bfaef2ec3dfeb4e2_JaffaCakes118
Size

19KB
MD5

a17a69a624cf9582bfaef2ec3dfeb4e2
SHA1

5f807a9346578bdeb06c614d6163f1066a458e6e
SHA256

266bb08881639ed6e378c5ab5f846efd802e50773d9c83c292f6a733210a3c1e
SHA512

298753c734ec773e6542a101b44a72cd31ef31e098d54aa3a7ab40d06a945558cd34eb87807226a35c9829e48490ca76daf75e38c3e044c7c2112e95d04eea3c
SSDEEP

192:a2wNhW4cAKPqb9SzLZfjr/SCFPNje+IWYXndYj:a2sh9yUgRS6PN/IW1j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a17a69a624cf9582bfaef2ec3dfeb4e2_JaffaCakes118

Files

a17a69a624cf9582bfaef2ec3dfeb4e2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

df534f654130b14e96bcae5dc4446504

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetVersionExA
LoadLibraryA
PeekNamedPipe
ReadFile
RtlUnwind
Sleep
TerminateProcess
TerminateThread
WaitForMultipleObjects
CreatePipe
CreateProcessA
WriteFile
lstrlenA
CreateThread
DisconnectNamedPipe
DuplicateHandle

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
_strnicmp
atoi
exit
free
malloc
memcpy
raise
signal
strcat
strchr
strstr
strtok

urlmon

URLDownloadToFileA

user32

ExitWindowsEx

wsock32

WSACleanup
WSAStartup
accept
bind
closesocket
htonl
htons
listen
recv
send
socket

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE