e2c1a6e99ffe6e943c1afd67b0c59b76_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2c1a6e99ffe6e943c1afd67b0c59b76_JaffaCakes118
Size

78KB
MD5

e2c1a6e99ffe6e943c1afd67b0c59b76
SHA1

4da5dd9432b903e85e3291caff4ab71a76f724ff
SHA256

e0af684d136f3613576c2715650859aa3c5de51001ca00158f5b023c47d462d7
SHA512

f4aa721a35b49e13befb018996a3be858300162a4460ead3fed9f532a9ac07dd629468c16432b2bcca4125b2dfc724364a9cc52b2f8c74931e572799e4b4ccdf
SSDEEP

1536:9VVwEjD7hrBVy6E8fKXy1fWbXgTP7Yj1hsvuSeZqI1y/pecyvyAU:9VLjPhr+CaD0TP7YPsvrUqlecjd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e2c1a6e99ffe6e943c1afd67b0c59b76_JaffaCakes118
unpack001/out.upx

Files

e2c1a6e99ffe6e943c1afd67b0c59b76_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ