c2a138ca765f352688f661edf4b30672_JaffaCakes118 | Triage

Sharing

General

Target

c2a138ca765f352688f661edf4b30672_JaffaCakes118
Size

34KB
MD5

c2a138ca765f352688f661edf4b30672
SHA1

e5a58f09fca6ab46b381e6a7c8d743aed972841d
SHA256

04fda6f1237fdb17bdcb39a78c792e52036d0088066f9c9d05ce4028c2a53627
SHA512

268f2e1a45d5063ec79c0b2bb22667f4ebf147ca01deb13517b5986f27f81cd08cafaf7dca6e63b5a129c362038c71bc655391d26ab168e4a944257126ac1b91
SSDEEP

384:nCDXLZz4HjwAJ0mliJEOxQRxbIVyQFxWPBQn60XqqY:/jwA89x+0xDoQ66qqY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2a138ca765f352688f661edf4b30672_JaffaCakes118

Files

c2a138ca765f352688f661edf4b30672_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8509102f4b3e9a722b4e488b9c8f6e8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
CloseHandle
DeleteFileA
CreateProcessA
CreateMutexA
OpenMutexA
GetSystemDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
WriteFile
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetStringTypeW

wininet

InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetConnectA
InternetCrackUrlA

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE