ae06d35bfa493b4c780ee6af0495a0a6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae06d35bfa493b4c780ee6af0495a0a6_JaffaCakes118
Size

675KB
MD5

ae06d35bfa493b4c780ee6af0495a0a6
SHA1

7d9a5c7d1158475e6c34689d83484ab1431975bd
SHA256

ceba911766f59886da8e40d8bbf1df64be98b1e5adca10f9214cc53b3d07c373
SHA512

29a50fc021b9b9e0bcf08edd8c8ed0d7ca40cf3b8f100ab8a8e6f00e3383ce6fea071b80ae7c303ced52b0370bf73722adce6e24c86d265dc4241076eef37ad4
SSDEEP

12288:b3xrs4ca5TlJ/A32U2/4ar47XLfQwhLT8FvRrmlO+J:bBYA5ToGU2tM3YI+vRr+x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae06d35bfa493b4c780ee6af0495a0a6_JaffaCakes118

Files

ae06d35bfa493b4c780ee6af0495a0a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9704ce85f333d7b2caeb327f87ea1bf7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
SizeofResource
LockResource
LoadResource
GetWindowsDirectoryA
GetSystemDirectoryA
FreeResource
FindResourceA
EnumResourceNamesA
CreateFileA
CloseHandle
GetCurrentThreadId
ExitProcess
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

shell32

ShellExecuteA

shfolder

SHGetFolderPathA

Sections

UPX0
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE