ea868a461814748d42fb6dfeb3af0387_JaffaCakes118 | Triage

Sharing

General

Target

ea868a461814748d42fb6dfeb3af0387_JaffaCakes118
Size

450KB
MD5

ea868a461814748d42fb6dfeb3af0387
SHA1

da3c75ad058310f0c63384895cddc1656835bdea
SHA256

df9dd0b789c3a5f138ff1f504515c232ef9b0c82bc3e8e05f8ffb428105820d2
SHA512

cfb7f6f9c469901d93ca9a18cf38d884c7d6e36dc3bfb1d05a49967a35f05238a08f183b0a8990be9f8e9fbc60a2781c22afb9b53fd931171612d03b4e27a339
SSDEEP

6144:UZ8ywEn1YXLGqCh1zeMpprEA3jkIJzxOlhT03EbdF49lSK/gnfE3N:uwa11qe1igrV3bJz0l9b89kKAE3N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ea868a461814748d42fb6dfeb3af0387_JaffaCakes118
unpack001/out.upx

Files

ea868a461814748d42fb6dfeb3af0387_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 446KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ