37013e502eba178edc6b92df8eaa481c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37013e502eba178edc6b92df8eaa481c_JaffaCakes118
Size

32KB
MD5

37013e502eba178edc6b92df8eaa481c
SHA1

395a457cc9312defc58fb5560816a0da70bc18a2
SHA256

0a97b8165bd5f5653533c9216b59e0afd80b5d46cc5468eeb6217760b1159e52
SHA512

8fa6fd389202d899b7a691f32caa2f20149c79e4866bc6bfbb2f491046286d7615ae7de499b80097839f8d5c6ef034c2c2674d6ca2da3bd5bb748899531316fc
SSDEEP

768:CLaUCRl/ovvS7KKRDxIzTolX/vNpg4dX1C0HptIys0h:4afQvvSOa9BvcmDDxs

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37013e502eba178edc6b92df8eaa481c_JaffaCakes118

Files

37013e502eba178edc6b92df8eaa481c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6bcea4c87c53a49a5d7fe4b0c9b7d07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW

kernel32

WaitForMultipleObjects
VirtualFree
HeapCreate
SetLastError
VirtualAlloc
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
CreateProcessW
CopyFileW
GetSystemDirectoryW
WaitForSingleObject
CloseHandle
CreateThread
GetModuleFileNameW
Sleep

wininet

InternetReadFile
HttpEndRequestA
HttpSendRequestExA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpOpenRequestA

shlwapi

SHSetValueW

ws2_32

gethostbyname
inet_addr
closesocket
WSAStartup
htons
socket
connect
send

shell32

ShellExecuteA

msvcrt

memset
malloc
wcsstr
wcslen
memcpy
realloc
strlen
free
atoi

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE