eb4ffe2515ccd62d7b059a6a29c87271_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb4ffe2515ccd62d7b059a6a29c87271_JaffaCakes118
Size

1.2MB
MD5

eb4ffe2515ccd62d7b059a6a29c87271
SHA1

a455501409a3e4161bfa3bfa83d736f8631a2901
SHA256

50ec68191480819b1127186c99231adabecbdaebe4ce82f96a3ca5e2e9f1dbab
SHA512

76abce8c60d24f7549889c51de246cbdaa2cb720ce9709384d94f321c29b65baa421e73bd0da5d05b97f8cd06ffff6ca2e947b2f8c26891b50cb4a1abd919e54
SSDEEP

24576:BAHnh+eWsN3skA4RV1Hom2KXdmyfL1th/hQQIOXjG75N:Yh+ZkldoPKtzfL1txS7OzG9N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb4ffe2515ccd62d7b059a6a29c87271_JaffaCakes118

Files

eb4ffe2515ccd62d7b059a6a29c87271_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE