b5b61cc221a94b22eea0bb54d8b4e76b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5b61cc221a94b22eea0bb54d8b4e76b_JaffaCakes118
Size

329KB
MD5

b5b61cc221a94b22eea0bb54d8b4e76b
SHA1

ccfe821d24e9bb48f0f5d44504d1709f5436c4c5
SHA256

f30d89385c9038182b9e1a80b42379391c49def6912821e73c5c0536292f17a7
SHA512

490821ea27788c73aa345ef12d87196547417353e6435c35da2edab47164b68111aa952561db316f86935ed855bb22ec2e4592397ae18cb96f15e7f100746d73
SSDEEP

6144:JGis8t9EgjK3TUwKXd8BhZfIB8nXC8Im53+/EKLhBX:zsU1m3TU7N8nZkIC83yX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5b61cc221a94b22eea0bb54d8b4e76b_JaffaCakes118

Files

b5b61cc221a94b22eea0bb54d8b4e76b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE