bf16a18f741e315d5534f39029f52f31_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf16a18f741e315d5534f39029f52f31_JaffaCakes118
Size

141KB
MD5

bf16a18f741e315d5534f39029f52f31
SHA1

9e44cbe6f76c16e1fab95f5839493d9fdec6941e
SHA256

f409801298ca922f3183e49541b4c2d1968eebd4f1589468dab099bb1529cc22
SHA512

3a25bf117a55ac9adeecae566fa558ca4fb683bfb33613922f1f033e30d757112391d8cfe58449405d9706dfb84ccc4b390cb8eed0d3e3ede58a42fdabfab977
SSDEEP

3072:nsG+tiV44R9gpjUUhD0+7O9nF8wRw/0+V:sG+tiV44KUM37UHw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf16a18f741e315d5534f39029f52f31_JaffaCakes118

Files

bf16a18f741e315d5534f39029f52f31_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01449691fb17806f0d36b4e16a1a5b1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegFlushKey

oleaut32

SysFreeString

shell32

ShellExecuteA

user32

CharNextA

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rorg
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE