d0ab154e3de2d11eb388cec989efafdd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0ab154e3de2d11eb388cec989efafdd_JaffaCakes118
Size

141KB
MD5

d0ab154e3de2d11eb388cec989efafdd
SHA1

4bbb8b63977b9fc457e3df297b5053ffb3e44432
SHA256

e702452e40e6e9bbd5ac58256d3bd4a8b8398095b572a99897ab11fe2d5a3ffc
SHA512

11f27a6b4fc600406fc648345d35a9acde97db429e0a16cb061fb4d2e75add380e2d2b5afb732a8cf8063aeed9a351f80bdfa6b884871bb6298029c1f7f50391
SSDEEP

768:iLhFmN0YXAxpr/pQWeuIKeunHeu/9Ugucytnb6XXtcYej6c5Qk4RVhFzecgGFhFd:YGN0DxpLeayZbScYej6mQk5cgN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ab154e3de2d11eb388cec989efafdd_JaffaCakes118

Files

d0ab154e3de2d11eb388cec989efafdd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7faf508448f3d57d6b813eb1b63a2094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GlobalLock
GetFileSize
TerminateThread
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
_lwrite
_lread
_lopen
_llseek
UnmapViewOfFile
GetTempPathA
SuspendThread
Sleep
MapViewOfFile
GlobalAlloc
CloseHandle
CreateFileA
CreateFileMappingA
CreateThread
ExitProcess
ExitThread

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor
SetBkColor
GetStockObject
CreateBrushIndirect

shell32

ExtractIconA
DragQueryFileA
ExtractIconExA
ShellExecuteA

user32

SetWindowLongA
SetDlgItemTextA
SetCursor
SendMessageA
MessageBoxA
GetCursor
UpdateWindow
LoadCursorA
GetWindowLongA
GetWindowDC
GetSysColor
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
CallWindowProcA
MessageBeep
LoadIconA
GetClientRect
DrawIcon
EnableWindow
FillRect
EndDialog
DialogBoxParamA

Sections

UPX0
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE