b3d25f8bf2e0e9477410ff7cc768fdc8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3d25f8bf2e0e9477410ff7cc768fdc8_JaffaCakes118
Size

112KB
MD5

b3d25f8bf2e0e9477410ff7cc768fdc8
SHA1

e71ac3836a90ccc3aa7ffd99ba92bc5a1d68c07e
SHA256

49020cdd34d8cb502af02664f8bc0117f6d263a0cf80941e17fd089b1d24f150
SHA512

d057f1cad43fab541c1c81a92840cd0bf8556af92b7404a9d07746a97f467e7c26b2df57657d3df5c0c4bf230f74386958e22b2a13f2466f20c463cf4b2c40ee
SSDEEP

1536:a7WNK19GvF8QkanG5tPnvCoj2/gxjtXCsudWlEdGkHLhruM0oTvJht62ufaA7ERg:a7t1u8Qzwp04huTGOF9ThFuN7ERuv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d25f8bf2e0e9477410ff7cc768fdc8_JaffaCakes118

Files

b3d25f8bf2e0e9477410ff7cc768fdc8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE