aacc2f9a77b1f796c2cda492e5294a0d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aacc2f9a77b1f796c2cda492e5294a0d_JaffaCakes118
Size

203KB
MD5

aacc2f9a77b1f796c2cda492e5294a0d
SHA1

f51f6196dc434e78ca28fae1784c224fc2db53ac
SHA256

4990eb018843b6f8e304e7835d521297f02d972c69a475146e955d176792b618
SHA512

70acf8abc43052b504b20fe6d41f1d55a6184c6d6fb5fe7213ce72b3dfc7bbb2031c44399937b45109d8c58758552a935c142f9660cfc2e8d171043b3f3f6bb3
SSDEEP

1536:PnvgNrhfvnkrZwuyXcKAbJs81BoGuvX174A1KP1FwVh2e1YsB:fv49vnkrZwF2a81uHvl0A1wyYs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aacc2f9a77b1f796c2cda492e5294a0d_JaffaCakes118

Files

aacc2f9a77b1f796c2cda492e5294a0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a69e725bbb33e2e9bce602f51982972a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FindAtomA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

msvcrt

_fileno

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ