fd14267a9a7924ef0614caffcd488043_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd14267a9a7924ef0614caffcd488043_JaffaCakes118
Size

18KB
MD5

fd14267a9a7924ef0614caffcd488043
SHA1

5215053adebdfa7850c5d364dbcb0513219655da
SHA256

0c35d3a61b4b468fe0a99ea7c485498b8623a4fd212dfb216343a8f71e0e7607
SHA512

a95ba8ebec6af45962baed73daa0b9c4f6c294c41cd30397e7e6ffed82bf44e3385ff39e6237348b74ba0bf6835882aec17f5050fd2e995e490fbd16b4f4657b
SSDEEP

192:dz6kOM0OoTwBMG9TD9+u+wSrD2LiThNf4lTZ7NffKiV+6bQin:d1OM0OoTwBMETDEuzSX2LCcZ7p3V+vin

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd14267a9a7924ef0614caffcd488043_JaffaCakes118

Files

fd14267a9a7924ef0614caffcd488043_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e5b457099aee35158729f3691a243e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
GetWindowsDirectoryA
GetStartupInfoA
GetLocalTime
LoadLibraryA
GetModuleFileNameA
OpenProcess
TerminateProcess
FreeLibrary
CopyFileA
GetCommandLineA
CloseHandle
CreateThread
GetSystemDirectoryA
DeleteFileA
EnterCriticalSection
CreateProcessA
LeaveCriticalSection
ExitProcess

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

msvcrt

strlen
memcpy
strcat
strstr
fopen
strrchr
??3@YAXPAX@Z
fread
??2@YAPAXI@Z
ftell
fseek
strncpy
fwrite
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fclose
memset
sscanf
strncmp
strcmp
sprintf
_XcptFilter
strcpy
_exit

user32

SetTimer
GetMessageA
CharUpperBuffA

wsock32

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE