3c1b87d166055cb649c8f6367d1d0f36_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c1b87d166055cb649c8f6367d1d0f36_JaffaCakes118
Size

38KB
MD5

3c1b87d166055cb649c8f6367d1d0f36
SHA1

13fde21e42d3129eb375c6a85ee21ce007bf150a
SHA256

679ed94abf8dcb8866aa527c916264dd01e63da9e0a7596979d9350b4bbcf971
SHA512

0e2097e9f6250a123fe9bdf00373da1349c6889fc535a73d8f835574a66d6d2e9b114599a74556c801b985acad17d4a767d421885f02e9e1f5e8cbc5b43c234b
SSDEEP

384:UZLbq6DSmlAB8rsDd9ajob76dZGJRwGSMxJLjy1BUw5nANqUVnOpRy:UZLbq6qDdaovYZ+wgyBt5nbUVn4o

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1b87d166055cb649c8f6367d1d0f36_JaffaCakes118

Files

3c1b87d166055cb649c8f6367d1d0f36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2db5fc21471392f3fce99055528cf060

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
SetPriorityClass
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetLastError
HeapAlloc
RtlUnwind
MoveFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
CloseHandle
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

shell32

ShellExecuteExA
SHChangeNotify

urlmon

URLDownloadToCacheFileA

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE