Behavioral task
behavioral1
Sample
a61964eeab4fe2961e1cfa3e17ec1c77_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
a61964eeab4fe2961e1cfa3e17ec1c77_JaffaCakes118
-
Size
144KB
-
MD5
a61964eeab4fe2961e1cfa3e17ec1c77
-
SHA1
6ac82461c836567089bd1041227d02938068cb2f
-
SHA256
4ec5b31a73f628e288392656f6e806f328192486b77a4882105d0c6931746036
-
SHA512
9d6352d70d1543288bb010e5d0f0e0f5e257d8e3a3c92d4d661bbdc664423aeac8b46ca8ceff0e1099bc404d8e3c55be723bc963d32dcc1faba5d31b773b19d8
-
SSDEEP
3072:9WfFwrAmzpcI8KllDpetmfNZBImR6F0neEDYjcJgt2TRKJ:Mk3HDSi6CXDnkCR
Malware Config
Signatures
-
resource: sample, yara_rule: upx
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. Many legitimate binaries are also unsigned, so this is a weak indicator on its own.
resource a61964eeab4fe2961e1cfa3e17ec1c77_JaffaCakes118
Files
-
a61964eeab4fe2961e1cfa3e17ec1c77_JaffaCakes118.exe windows:4 windows x86 arch:x86
845f31aeff0bfd0423e5a73a8fc53f12
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
icuuc32
uprv_malloc_3_2
u_errorName_3_2
T_FileStream_open_3_2
T_FileStream_readLine_3_2
T_FileStream_close_3_2
T_FileStream_write_3_2
T_FileStream_writeLine_3_2
uprv_strdup_3_2
icutu32
u_parseArgs
getLongPathname
findBasename
msvcr71
_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
printf
fprintf
_iob
sprintf
strstr
system
puts
getenv
exit
isspace
strncmp
strchr
_fullpath
memmove
strrchr
_searchenv
isalnum
isalpha
strncat
strncpy
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
kernel32
GetModuleHandleA
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
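.UPX0 Size: 108KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: this section is both writable and executable, and it sits next to ordinary .text/.rdata/.data sections and a full import table. A stock UPX-packed file usually has sections named UPX0/UPX1 and only a minimal import table, so treat the upx YARA match as a hint rather than proof of standard UPX packing.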