eb5216dcc8e84937ead46858a881df03_JaffaCakes118 | Triage

Sharing

General

Target

eb5216dcc8e84937ead46858a881df03_JaffaCakes118
Size

1.1MB
MD5

eb5216dcc8e84937ead46858a881df03
SHA1

cacabf69c11b5d716654349fd3b368e780c0a6df
SHA256

e71f4574fdab90b01db5afed81a45a3c5a1f45e2961b996482414edbbe97fb6b
SHA512

bab84ac304ae8c482968388daf2db98f0428f9945a143358bd626d9e590322946cea37c194d1caf36a33046add88ff1225f0eb71c264b119569c7a876d2cac63
SSDEEP

12288:gOtOB0VureZJys73dOvXDpNjNe8NuALvr7QeN/7YkrWBfWhvRhQUg6HTE:fObeZJ8NI8xLD7QeN/7DSBfWhZE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
eb5216dcc8e84937ead46858a881df03_JaffaCakes118
unpack001/out.upx

Files

eb5216dcc8e84937ead46858a881df03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ