bb7860d7731a7a5f29be8fbbbbb8a577_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb7860d7731a7a5f29be8fbbbbb8a577_JaffaCakes118
Size

188KB
MD5

bb7860d7731a7a5f29be8fbbbbb8a577
SHA1

c5f974e15bb74f2b9cbf89a8cfd1b0cc628c5536
SHA256

5554275be6ced06c1db08d51e3938d8da31fa49ca9739ad80657b6e2ced4ac77
SHA512

94b27e32a55fd7733d70db5850ad47ccfb5b4f814b18ff58b24559a52689094e5e00fc9fd12b4bf84435bc5bbe8095e8913a8aa87493b4982378560bceb85633
SSDEEP

3072:Fwmdff2H/5HYfdGohgug/gP2FKljzRVnehEAtKXLL/ogpqwqFKrBfkI/G4kKA:FHdn2hroGJ/9KrVRAwIVKx7zkKA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb7860d7731a7a5f29be8fbbbbb8a577_JaffaCakes118

Files

bb7860d7731a7a5f29be8fbbbbb8a577_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

s92hvhof
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fmjjre8n
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

im6xk9ny
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ