c0fdbab3ca693c9a9e0074ecdfab70a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0fdbab3ca693c9a9e0074ecdfab70a0_JaffaCakes118
Size

34KB
MD5

c0fdbab3ca693c9a9e0074ecdfab70a0
SHA1

53276688aec317e7043e290494ee22932c1c1dd3
SHA256

fb1ade0b356eee6299d5eb727f8fa058193eb17c6039c933ba8edf41646ce83f
SHA512

7d9a6b9c1a674d420053a299825b53eb9b2c11d74789cb6a312eb7afe83e4d5ef47a78990d405ef51ed6e0883f7d9f56b736c1e974ca520b051cb58da8f74b01
SSDEEP

384:w2eC6przuby9gTGwNCZaryXnz/9Ert4CjBj:HepZgLMKQ/9E54Ctj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0fdbab3ca693c9a9e0074ecdfab70a0_JaffaCakes118

Files

c0fdbab3ca693c9a9e0074ecdfab70a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b241c2388d45cec40592dd5917d8503a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
CopyFileA
GetSystemDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
lstrcatA
GetWindowsDirectoryA
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryA
LCMapStringA
GetOEMCP
GetACP
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
CreateProcessA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
VirtualFree
GetProcAddress
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo

corehook

InjectLibraryA

shell32

ShellExecuteA

user32

SendMessageA
GetForegroundWindow
GetClassNameA
UpdateWindow
GetWindow

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE