bca9cf066a04c8b03c6e3ea20ed163d1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bca9cf066a04c8b03c6e3ea20ed163d1_JaffaCakes118
Size

1.1MB
MD5

bca9cf066a04c8b03c6e3ea20ed163d1
SHA1

e4fc8e9a2ec4b8bd41159c4f2361ce4d91dd550a
SHA256

32a85750db499487d2b8df4ca842ced31cac4c453e981c1b668c534fbaa897ea
SHA512

ae52e76bd4d28227fd6bd5b99ab6702238b49a932c42c9847565d88e3ebc01f9ee89574d33970dec05e98c6aad1d33811154d714723d4c4818bf04a0b2a6651f
SSDEEP

12288:IMqIpS+ZQiQMrd+9eIjBSQs62ALFFfJdRpNtFAYEtIOpO/vYKjAoSJUs0:IM1pS+ZQifdALJxFBd5tFlGFp7+F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bca9cf066a04c8b03c6e3ea20ed163d1_JaffaCakes118

Files

bca9cf066a04c8b03c6e3ea20ed163d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

av_profile
ortp_logv_out
payload_type_amr
payload_type_amrwb
payload_type_evrc0
payload_type_evrcb0
payload_type_g7221
payload_type_g7231
payload_type_g726_16
payload_type_g726_24
payload_type_g726_32
payload_type_g726_40
payload_type_g729
payload_type_gsm
payload_type_h261
payload_type_h263
payload_type_h263_1998
payload_type_h263_2000
payload_type_h264
payload_type_ilbc
payload_type_jpeg
payload_type_l16_mono
payload_type_l16_stereo
payload_type_lpc
payload_type_lpc1015
payload_type_lpc1016
payload_type_mp4v
payload_type_mpv
payload_type_pcm8000
payload_type_pcma8000
payload_type_pcmu8000
payload_type_speex_nb
payload_type_speex_uwb
payload_type_speex_wb
payload_type_t140
payload_type_telephone_event
payload_type_theora
payload_type_truespeech
payload_type_x_snow
payload_type_x_udpftp

Sections

UPX0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 410KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE