b74054a864b3690a857fd3749072b6b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b74054a864b3690a857fd3749072b6b5_JaffaCakes118
Size

224KB
MD5

b74054a864b3690a857fd3749072b6b5
SHA1

73db759133e04c17fde5f356f22b6819f33117d4
SHA256

0be33b23dc99c72d43e3b5e318abdb618c5d01cc128d1966351bb984450bb79e
SHA512

a744e375bfe5f40898dc14a6364298f6b7cd06a3035e810604ac733e5aaa8a1b85787113709fe36f7b1c9f49d3b673151886652d916d2c402b3bd87e4b42ea6b
SSDEEP

3072:BB514POAemKUi1re75M34+9VhQ33HTiH48mLHex:3AOAemKYMprhQ3p8ms

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b74054a864b3690a857fd3749072b6b5_JaffaCakes118

Files

b74054a864b3690a857fd3749072b6b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32ca8d5fca836efa8536566f0eee05c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
CreateThread
VirtualAlloc
VirtualFree
ExitThread
GetSystemDirectoryA
CreateFileA
WriteFile
CloseHandle
FreeLibrary
GetFileTime
CompareFileTime
GetModuleFileNameA
GetCommandLineA

Sections

UPX0
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE