bd2d7b7a024095cb8190d064d4faa303_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd2d7b7a024095cb8190d064d4faa303_JaffaCakes118
Size

186KB
MD5

bd2d7b7a024095cb8190d064d4faa303
SHA1

152437929ee6caec013f4a7a59cdabbf7c6845bf
SHA256

48700705f0abdd06eeb2ef1785ad64a12581309e664e5b0a57dd7088fa4a5fe4
SHA512

610809d4bc4b083c215d78fd8ac13ebfb25545772fff0a622678cf0199470fcae0379efff92442d246ef0f9e13a6df0200d5ae525becb59fd29fa2f8a1388256
SSDEEP

3072:t0RXzzUwc4O4gFaqvXlwIo+9SCmiclFNMAmlCguPTjIbqU2/M6XCIM1Xo4olN/V:t8jzUwc4OrcMPY5jTMsgmBryIM1XglNV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd2d7b7a024095cb8190d064d4faa303_JaffaCakes118

Files

bd2d7b7a024095cb8190d064d4faa303_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

b3b3ucbi
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pjdzhdso
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r0ag1k00
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ