efa5e7117bb5c6b821a2e85ede56d564_JaffaCakes118 | Triage

Sharing

General

Target

efa5e7117bb5c6b821a2e85ede56d564_JaffaCakes118
Size

7KB
MD5

efa5e7117bb5c6b821a2e85ede56d564
SHA1

881283316cf188af77566652062d8ac804b2c7b8
SHA256

183c5ff6500ec57a00cd1ac356ade05ee03e3691c90df3289f88ea2aec77893b
SHA512

b35152f128e030a00c67e9159fdd0e3084dd696ab9482dbb682d328f6beb6593c661fa72ddf86bd241b61d58e8e867b40af0bacce84ba76b04aa9b34e0e5c210
SSDEEP

192:LrkLbrXqH2yNuD/1St4ImR6YcRXmLBRqgVBxLLLLLLLLLLLLLLLLLLLLLLLLLLLE:WHQnNK/124dRrMgpLLLLLLLLLLLLLLLE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efa5e7117bb5c6b821a2e85ede56d564_JaffaCakes118

Files

efa5e7117bb5c6b821a2e85ede56d564_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8245b89b69c5ffce5d231a6851c92032

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConnectNamedPipe
OpenWaitableTimerA
TlsGetValue
CreateVirtualBuffer
EnumSystemLocalesA
ExitVDM

gdi32

GetCharABCWidthsW
GetColorSpace
GetRegionData
ScaleViewportExtEx

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE