cf7f4eeb3db53e71cced9b48bd4f40a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf7f4eeb3db53e71cced9b48bd4f40a9_JaffaCakes118
Size

126KB
MD5

cf7f4eeb3db53e71cced9b48bd4f40a9
SHA1

9841b4e60566344285fbbae847a6232596f8eb66
SHA256

39fc067f737e1df50e6de0316c1280c91b7eb8b839b0176cbe71ee0bcc1a70d3
SHA512

a772a486320189b9fc546c75a6bf7d04c5d694f7311b36b9cccc50e0ecfa655e9b5aafe3705b059d173a61f3b8d89bcf8474264fcf14f00af06b88c857440cf6
SSDEEP

1536:uDpDWdX+Jr0KSW0AGTDE5Cz1DYadRd+N0Df+KmYHsRpVq5UnpZPqYvEGdy41Mv0:u1KtpKSW1mDE5B6tWFW45qYsz0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf7f4eeb3db53e71cced9b48bd4f40a9_JaffaCakes118

Files

cf7f4eeb3db53e71cced9b48bd4f40a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0920a861b6384b6e8beea3ce0fd3706c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaEnd
_adj_fdiv_m64
__vbaGetFxStr4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
__vbaGetOwner4
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE