dd154f6fc3d7ffae654a7ce5f4c4c0ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd154f6fc3d7ffae654a7ce5f4c4c0ab_JaffaCakes118
Size

137KB
MD5

dd154f6fc3d7ffae654a7ce5f4c4c0ab
SHA1

3d5572d5769dd62fe0d878eb36eb70a397715981
SHA256

33edcca25e218f0f9f6124d0233aba49a8a4faf229c0fef8d051f8fc88703661
SHA512

985f69d36230bfcbfb7cea7554d24491f6e6a749a2e29ddc087b724c8e55fe7410d1ec1d36747e0baa91dfbb9f3a2edeb7ad005361c7d163dac0adb5b057f855
SSDEEP

1536:RCRcriAGLwmQkvhkpnhtPOS8pIibcoZrzZh3+tgj3DRenzfaB0h/UHex2:wceZwmQakDtPOHvQt23DRTB0Rt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd154f6fc3d7ffae654a7ce5f4c4c0ab_JaffaCakes118

Files

dd154f6fc3d7ffae654a7ce5f4c4c0ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE