2bbada07c3ea93edd933e97891f03a70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bbada07c3ea93edd933e97891f03a70_JaffaCakes118
Size

721KB
MD5

2bbada07c3ea93edd933e97891f03a70
SHA1

4e85c1b54ade448b1ed67d0958d49937a4f0f3a6
SHA256

338950a476d82e94ba7a794d67558ea33054db76ee0ec7bc78080da54cfdd555
SHA512

05f6bc87ea0a1899404978d5038fecc04ac9650e6b96b895ec5e4a09b0e1df41ec183c037faeaec82dc5d8b9a8ac4981bf1d1726605cc769573f97b65fea3536
SSDEEP

12288:aJ6LcRCCuygsgsoyiy3oPy/p+68aX/eGcT8B1U5h9l9xOm:aJXCCujsbiWoK/pYaX/eGg8ryh9lq

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bbada07c3ea93edd933e97891f03a70_JaffaCakes118

Files

2bbada07c3ea93edd933e97891f03a70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

647b2d25b4821905b4195ff7a6455b54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

UPX0
Size: 512B - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sjj
Size: 64B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE