b253668ca457154904ea48abc66d19bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b253668ca457154904ea48abc66d19bd_JaffaCakes118
Size

410KB
MD5

b253668ca457154904ea48abc66d19bd
SHA1

d9eb79cb62b62e6a3187312d4d87e72869e35ce7
SHA256

aa808694feff84ac0a58983ee1d01622825238d9beb3dc69f5e24dcf087c131c
SHA512

f26f44135dd704c1e51fb681e230ff8e54075d2f4f070dee2e19431782ffac4a3306a12f8539fe592cddc042b0b69a99e5b8653ed03cc898f0cb1b74033240ef
SSDEEP

6144:XDfWTDDGr3SFpajvEmIL2EM7C0SnMXPcwqc2EKj7Dv4YGw7GfMNCcacxeNzP2Z9W:qTDKTSFMjwPMXPuzE0/43sGfYCDd2zW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b253668ca457154904ea48abc66d19bd_JaffaCakes118

Files

b253668ca457154904ea48abc66d19bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de39dc68941cc6307e3b2590c857a907

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA

user32

wsprintfA

advapi32

RegCloseKey

ole32

OleRun

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 67KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE