26bf3f4f732583afc94457e4df202a4f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26bf3f4f732583afc94457e4df202a4f_JaffaCakes118
Size

18KB
MD5

26bf3f4f732583afc94457e4df202a4f
SHA1

018e435739e6b0c141a267e5909533f1ef920e27
SHA256

bde5aaa60de10daf8bb2659f407352a809b3504fcc9e01fdd31b542b5d4e228a
SHA512

41f0ce20dd0c0e1eac49c311357705c48abd32a581658be49077f1a3b8cab1961b5f17697117b7346fd11ffbf69debe43fedbeebe2045b24bf9874e570fbf51a
SSDEEP

192:NnbdHLRZNJOWlBMSxxPHHuNiLaHFHP1t6b/Gq9h/K8:XRDJOWlBMyP4iLaHFH9t6LGq9h/5

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26bf3f4f732583afc94457e4df202a4f_JaffaCakes118

Files

26bf3f4f732583afc94457e4df202a4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67ead45394d96383d8fad6549a4279d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CloseHandle
GlobalAlloc
lstrcatA
DeleteFileA
GlobalFree
lstrcpyA
GetVersionExA
ExitProcess
CreateFileA
lstrlenA
Sleep

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE