cf43bc072978d4dc8c5336ccc55594f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf43bc072978d4dc8c5336ccc55594f7_JaffaCakes118
Size

150KB
MD5

cf43bc072978d4dc8c5336ccc55594f7
SHA1

3669ab443595bb95236557105ab0c29f4eb229e8
SHA256

0c6376075a518d2b98878fdecc3021b1d2acde03e0f3ad9548d2028b6610661c
SHA512

b0504392906470fe45cfcc78280394e83c219ef59a30fd4730851051e7e4ca1015111e7c1efbfb9237081bf700d4e323eab0dcce125fe9c234c996cd8ee6402b
SSDEEP

3072:ssHjuQWL6T4aq6c/UAraHbr2ivp8QXuTFbBRe4cZWTuYHG4+mVyw:4LyX1crraruhbBYIT+mw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf43bc072978d4dc8c5336ccc55594f7_JaffaCakes118

Files

cf43bc072978d4dc8c5336ccc55594f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a64ee764367f47bfe75a9e2aa9bf9559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdtcexe.pdb

Imports

kernel32

GetCommandLineW
GetModuleHandleA
GetStartupInfoW

msvcrt

??2@YAPAXI@Z
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstok
wcslen
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
wcscpy
??3@YAXPAX@Z
_initterm

msdtctm

ord4

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE