ed2dc7085eda8a1c5757e19aa2b9897c_JaffaCakes118 | Triage

Sharing

General

Target

ed2dc7085eda8a1c5757e19aa2b9897c_JaffaCakes118
Size

1.2MB
MD5

ed2dc7085eda8a1c5757e19aa2b9897c
SHA1

4e7a4f2dda2eb8b24400eb2ed20a7c3708d96f41
SHA256

5355646eb9a218d90217a6ac5cd6f3e29f498602e98f51557924612c0be7f6eb
SHA512

0c221a706398dbd0df0c874eac0bed7e8aba2647aaedba462959e0f7b5c822c0f03575e52e29e017999ca9723c10db5f4d20ff410c2b9428bd6cabe04b5eb35a
SSDEEP

24576:uiCciksUc6OeJxvZavIDfMfxzBERSJtv6zMqBZqqFg4yBIuuxU32WnSn:9CcikP5FxvZavIDyxziR8SzMU3g4yeZF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ed2dc7085eda8a1c5757e19aa2b9897c_JaffaCakes118
unpack001/out.upx

Files

ed2dc7085eda8a1c5757e19aa2b9897c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 500KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ