0266572ca8935bd0bda48560021ed70a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0266572ca8935bd0bda48560021ed70a_JaffaCakes118
Size

227KB
MD5

0266572ca8935bd0bda48560021ed70a
SHA1

01cb0372f0f982d18ed76b543e94f7ed2bf089f9
SHA256

bd9eb5ae1b823f796d9ec03295cc62bb4ed2d15e1f5959f3c757269d6d75a2e9
SHA512

f79b95dc258b13a53dee2ec514f044f56a73de9b75b7cc65a006f4cea3dbbecb3d7ebf2d572f1eefdb2ed9a345d52e71455cc35e6a52c50bbb5335d34b6af69a
SSDEEP

6144:ogL3ir+VbdV88ixXW3eBd+IG3Ezcga43zP7GS:0edOB+6d9cgaqT

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0266572ca8935bd0bda48560021ed70a_JaffaCakes118

Files

0266572ca8935bd0bda48560021ed70a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bd59c22dce58b659cdac0eb670da1a2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DeleteFileA
CopyFileA
HeapAlloc
GetProcessHeap
FindResourceA
SizeofResource
LoadResource
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
MoveFileA
VirtualAlloc
GetUserDefaultLangID

mfc42

msvcrt

_adjust_fdiv
malloc
_initterm
calloc
free
realloc
__CxxFrameHandler
strlen
_mbscmp
memset
rand
memcpy
strcmp
_strlwr
_stricmp

user32

MessageBoxA

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE