b4dc5c384b75a32e88e6ea4daecbfa3e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4dc5c384b75a32e88e6ea4daecbfa3e_JaffaCakes118
Size

277KB
MD5

b4dc5c384b75a32e88e6ea4daecbfa3e
SHA1

47efc4f1e42791319d73f04e07d83aec8cf6f899
SHA256

048908f801c8cb7770733dfd727470f21c252645b0079ab6bcd081259d77a7ee
SHA512

ef1d5ef3f00c66a8ca6c894abd0ee75ae264c4decddc7b68683dd8e47b152eb5610bd87425e656b2d76d37439f7962db98f6ff825f515e8bbed1e2442d9c64ec
SSDEEP

6144:VIv9364YE8PiWX9TJNr2aRXxyiwsEptS85xZG3up6jZHZaoSgqPQ:VcQrrJNr2aJxyiwsEz5LLU3aoSgQQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4dc5c384b75a32e88e6ea4daecbfa3e_JaffaCakes118

Files

b4dc5c384b75a32e88e6ea4daecbfa3e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

06f8b0204b1b95ae011e9feb66da8d8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
VirtualProtect
InitAtomTable
IsBadCodePtr
IsValidLocale
ReadFile
SetConsoleCP
GetModuleHandleW

gdi32

GetMapMode
GetMiterLimit
GetPixel
CreateCompatibleDC
CreatePalette
GetBkColor
GetBrushOrgEx
GetCharWidthW
GetClipBox
GdiFlush
GetDeviceCaps
GetFontData
EqualRgn
EndDoc
Escape
FillPath
FillRgn
GetRelAbs
SetBkColor
GetTextFaceW

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE