eff502be7976a313f09f31536eb97940_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eff502be7976a313f09f31536eb97940_JaffaCakes118
Size

44KB
MD5

eff502be7976a313f09f31536eb97940
SHA1

90f904cb3a57b38c4bd55f7996dcec435e5a0c2d
SHA256

e778e9dddef535a7ea50df64c6f321d2838c06d534b0e91506f4d7944ee54d53
SHA512

29eaa3a7b84e526e301b629d1eb3de598f5255390348f5e8db566e6b9f12499e5b610bbd08593583ebd51f9f3235f56bc7450bd8fe19de6d1e55e3c3c4e77db3
SSDEEP

384:ZlzmkQuSAj0cIYtsNnalwgy6sUU/L+ZNGiwcuhFqvklaYe68I46QvO/3FKydzsNc:7mJ0wT6sUU/iGiFuhsSSIAO/3FKydzsc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
eff502be7976a313f09f31536eb97940_JaffaCakes118
unpack001/out.upx

Files

eff502be7976a313f09f31536eb97940_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ