03496d401c284731aa70cd71bd6f3cb6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03496d401c284731aa70cd71bd6f3cb6_JaffaCakes118
Size

109KB
MD5

03496d401c284731aa70cd71bd6f3cb6
SHA1

5d93c4b43598445602227e8ec63eb28952caa812
SHA256

d2d0173916dc06e69f541f7cebfcac03a341f746936b60d17755829a53af0002
SHA512

ad33138b24028490ccce97499ad3b161c500a72406216ffa683b36599845ab5ff3cc55bb9e9e0a29da7973834ae25e6e35f468adcd1e97dc48a995e17ffe2d23
SSDEEP

3072:j+GcjMvHKSZyODEUvF8wyUCcN6RwO18f3G:SuCxOoeqfv46f8f

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03496d401c284731aa70cd71bd6f3cb6_JaffaCakes118

Files

03496d401c284731aa70cd71bd6f3cb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7a4d68f04506d3ae70e30b86ed6dbec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

advapi32

FreeSid

avicap32

capCreateCaptureWindowA

gdi32

PatBlt

msacm32

acmStreamSize

netapi32

Netbios

oleaut32

SysFreeString

shell32

ShellExecuteA

user32

GetDC

winmm

waveInOpen

wsock32

send

Sections

UPX0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FCryptor
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ