ba59be217ca863d2398a21eb033dcedf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba59be217ca863d2398a21eb033dcedf_JaffaCakes118
Size

78KB
MD5

ba59be217ca863d2398a21eb033dcedf
SHA1

8c4da9baca02742a7df3808f929fa0a22e578e88
SHA256

2e6bae8d2cf9fbc0a235802353862c7c8788ef5ed50dfb05cfb33396d4a441f5
SHA512

abd91a8029c2b32a60b7bf363a4e6df42633a216a0419078b484566fc4c25e1954e226f2fca525476db55c47ab310089e98e362c7e8c72cb5cc7494f186cec37
SSDEEP

1536:WBQY9pj1PIVJeiersvEj7jz0On9D+N3XFVBnhMjC8vL:WBQY9pjieLrMEfjzzJy31V5CL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba59be217ca863d2398a21eb033dcedf_JaffaCakes118

Files

ba59be217ca863d2398a21eb033dcedf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pe9tq2xv
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j4jxxyt4
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

e7rtp59n
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ