ea095946a9b3be84824b81383969a876_JaffaCakes118 | Triage

Sharing

General

Target

ea095946a9b3be84824b81383969a876_JaffaCakes118
Size

197KB
MD5

ea095946a9b3be84824b81383969a876
SHA1

7dbf6145d4eb36a19f00f45f124a7ddd82b72f17
SHA256

d3e01dcd94b9884795aea410227e95ba57f91c48869d875fb956a243b17d76f0
SHA512

4c1981c0fed70b87f82537f5bfb3f5821da9e4990e403e4103e6cad9c72161a46208d3c2bbb8c7ad9cbc746419c1b8c560db6b9ee9ed97f1a71268276399ea2a
SSDEEP

3072:Zk5/7hFbtDyQPn1hVC+is5EzaURHxEgCseuSGh+hCHkeWPajX96RLR6Id:SNFb0QPnz+RREgPSGh+hCSyjN6RVjd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ea095946a9b3be84824b81383969a876_JaffaCakes118
unpack001/out.upx

Files

ea095946a9b3be84824b81383969a876_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 188KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ