e2af28e0886c2eac2c1bc0198d408fbf_JaffaCakes118 | Triage

Sharing

General

Target

e2af28e0886c2eac2c1bc0198d408fbf_JaffaCakes118
Size

57KB
MD5

e2af28e0886c2eac2c1bc0198d408fbf
SHA1

d39b0eeb661659ce208a128f7990dea42b5575a8
SHA256

11ea6a6f185c128d1d6f0ab96cc92cba13b9f3bcd708f547842fec4bedeffbac
SHA512

f9ee5828db2240dd0f0ac326c7cde60bcb1fb56883c7e85baabdae294f6aebd9ad9b54236a4012fb83424b0ffa61c8126480b4c8286498841e6f30109d1b35b6
SSDEEP

1536:gXLjkvVqiQ0hdOCF51dEB6ki6ge8EA69p+Qb:qLj00i1d131SD836nzb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e2af28e0886c2eac2c1bc0198d408fbf_JaffaCakes118
unpack001/out.upx

Files

e2af28e0886c2eac2c1bc0198d408fbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 428KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ