ec7b1ebb9d5a4054d59d6ebf5dfaf19b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec7b1ebb9d5a4054d59d6ebf5dfaf19b_JaffaCakes118
Size

16KB
MD5

ec7b1ebb9d5a4054d59d6ebf5dfaf19b
SHA1

c57eac6e929adbd1f96dfa15607fd8ce32172532
SHA256

a2defa05a41e1a89245be0b882a0bd445fa9b37def24ec050d4359a4fcbac18c
SHA512

b6a1bb28faabe539d16407b094379cae0d751ee725310eadbae2a8153d916be0bf7332df3823f57cbf39dc8831a135b829cb848308bd03c6e94bc82d4898b2ec
SSDEEP

384:O93OPkSyyNmFfR0K9erK7Xo1WQEFlAtSeaJAsmKhWT:O93ukJyNmFfFeoY1WQEF2Da+Lg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ec7b1ebb9d5a4054d59d6ebf5dfaf19b_JaffaCakes118
unpack001/out.upx

Files

ec7b1ebb9d5a4054d59d6ebf5dfaf19b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ