Behavioral task
behavioral1
Sample
e06370e8b49d42901eff3d5c5d8b157e_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
e06370e8b49d42901eff3d5c5d8b157e_JaffaCakes118
-
Size
111KB
-
MD5
e06370e8b49d42901eff3d5c5d8b157e
-
SHA1
7e2b80d6ba08ba10b2bfcec4af29a9dda073af18
-
SHA256
3ec836384ed4e7e906d564669c3cf22368e8eab3d753641b1b48ca564cd5fa6e
-
SHA512
dcf7e3a5d57d5298b75aac54bbd6542dd3304e005b7c5d7bdc0b1dbccdb4f749f15ae1d77a03786c2e1f2024b80eee9d0f9e32bea7931dd310e3822c10298c0e
-
SSDEEP
3072:KLUzv/swY7bCa5dpZ674hcAunYkXdkRz+lzyFnt:KnwYqa5dpZ9YYUSuz4
Malware Config
Signatures
-
resource: sample | yara_rule: upx
Unsigned PE 1 IoCs
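Checks for a missing Authenticode signature: the PE file carries none, so its publisher and integrity cannot be verified from a signature. Many legitimate binaries are also unsigned, so weigh this together with the other findings rather than on its own.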
resource e06370e8b49d42901eff3d5c5d8b157e_JaffaCakes118
Files
-
e06370e8b49d42901eff3d5c5d8b157e_JaffaCakes118.exe windows:4 windows x86 arch:x86
ee604da7462a64bb320e828bd1310084
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crtdll
__GetMainArgs
_cexit
_environ_dll
_fileno
_fmode_dll
_fpreset
_iob
_setmode
_stricmp
_strnicmp
_wcsicmp
abort
atexit
fclose
fgetc
fopen
fprintf
fread
fseek
ftell
fwrite
malloc
memcpy
memset
perror
signal
kernel32
ExitProcess
SetUnhandledExceptionFilter
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE