cfc64e62a7f0a9a660c4a5801ef2051d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfc64e62a7f0a9a660c4a5801ef2051d_JaffaCakes118
Size

26KB
MD5

cfc64e62a7f0a9a660c4a5801ef2051d
SHA1

4674da446ea5731644437be4330476ec11ce23fd
SHA256

a352a402c4360a191d5c43018d6c863ddbf7071762787b578dee72ab0616aeba
SHA512

1b36f404f968ee03e2f842288a1bedf0a36a77aa0e3d249b3f932bf8f5949f5c8a03aad10137993e433667f946caa9d25b577f04674359f5761862bb012a330b
SSDEEP

384:xHf2fB9sARG3tfVnJ1HdOYYE1zW/rRFcKpza:R2fkARktnD9DYNrRF9xa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfc64e62a7f0a9a660c4a5801ef2051d_JaffaCakes118

Files

cfc64e62a7f0a9a660c4a5801ef2051d_JaffaCakes118
.exe windows:1 windows x86 arch:x86

49ffc6c0197fc9f3177085cc33cc5588

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
GetComputerNameA
GetFileSize
GetModuleFileNameA
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTempFileNameA
GetTempPathA
GetThreadContext
GetTickCount
GetVolumeInformationA
GetWindowsDirectoryA
LoadLibraryA
OpenProcess
Process32First
Process32Next
ReadFile
ResumeThread
SetThreadContext
Sleep
TerminateProcess
VirtualAllocEx
WaitForSingleObject
WinExec
WriteFile
WriteProcessMemory
lstrcatA
lstrcpyA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

ntdll

strstr

user32

CharLowerBuffA
wsprintfA

wsock32

WSAStartup
gethostbyname
gethostname

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE