d4306c7a55560ba3cbbb1205f50ed014_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4306c7a55560ba3cbbb1205f50ed014_JaffaCakes118
Size

150KB
MD5

d4306c7a55560ba3cbbb1205f50ed014
SHA1

4f483f7391cedddb47707466a79334b384632c80
SHA256

a8c4129d9e557190fcfbd2d90848d87cfa7f742bba51764a8bbbc05a21b8718c
SHA512

dba473284554febd75f4c4846c2613e5b6c2c9d40294ddf9a9d10b2e1d89b2b4b44054e97b0d1a082a229d9e43098f3f6d19c02d44fbed936bb12badd6bacfa8
SSDEEP

3072:3ow+Or46b3wxSWmZzWov62D8wuntn/6jQepBc3LbwugPD:4whramZzH4/B/6Tc3g/D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4306c7a55560ba3cbbb1205f50ed014_JaffaCakes118

Files

d4306c7a55560ba3cbbb1205f50ed014_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a64ee764367f47bfe75a9e2aa9bf9559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdtcexe.pdb

Imports

kernel32

GetCommandLineW
GetModuleHandleA
GetStartupInfoW

msvcrt

??2@YAPAXI@Z
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstok
wcslen
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
wcscpy
??3@YAXPAX@Z
_initterm

msdtctm

ord4

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE