d1947141b5b0a13b687e82d9138b5626_JaffaCakes118 | Triage

Sharing

General

Target

d1947141b5b0a13b687e82d9138b5626_JaffaCakes118
Size

32KB
MD5

d1947141b5b0a13b687e82d9138b5626
SHA1

76c0081704f9566b9039b0192137f83f32487a2e
SHA256

2a961fae80c5fbb0686b1f5ad83868dee5a16750ff93cea22fb1e55658a9c0d1
SHA512

305e510aa507c6a5897674ab3145a5fd643c365445f2f1c5ba9fb7a3d7b0fda3e04ea81df9290b9cf2c16b5981cf59a4be62c31a9d86a41ccd1623e6a6e6c9ef
SSDEEP

384:sOicucD8i1mzM3TQYkQmeZOzH5f+qc0XdrFYNrxUVcbeOZcS9yJq6M79:NdV1YM3JHkTd5erqVseOd9lf79

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1947141b5b0a13b687e82d9138b5626_JaffaCakes118

Files

d1947141b5b0a13b687e82d9138b5626_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE