dcbc7865cffefa3be8f1e89312f28ef0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcbc7865cffefa3be8f1e89312f28ef0_JaffaCakes118
Size

662KB
MD5

dcbc7865cffefa3be8f1e89312f28ef0
SHA1

8669b6a37a893da5f480d3357acea6616aa2e900
SHA256

255454bfec44e735b0938952837efc6cf2693910f30e2212770de6aa9247960a
SHA512

a88d0158bae28c83252dce99da36c5198f3f3fb9bf0e10fe6a062c78f02d6ae7af8770c0b887abc99d00f035cd114bd543bd0f8255429209f6b8b88d3b5f1f40
SSDEEP

768:6quJUQ4FHvHI8EdYabxhlPunapKP1DfvRHPmgpTeHiE:xQ4FVa1LGnaW1DvxP1tO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcbc7865cffefa3be8f1e89312f28ef0_JaffaCakes118

Files

dcbc7865cffefa3be8f1e89312f28ef0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f27abc7cb896c82239539aa31cf5b20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetSystemDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
SetUnhandledExceptionFilter
IsBadReadPtr
GetStringTypeW

shell32

ShellExecuteA

ws2_32

Sections

UPX0
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE