f297d86e115b4059f2daaef5184f0205_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f297d86e115b4059f2daaef5184f0205_JaffaCakes118
Size

253KB
MD5

f297d86e115b4059f2daaef5184f0205
SHA1

f604da523683af00ed3f722a6c1c600e588dfa60
SHA256

66f7a73cae3da161b7af5efef794299c6114bb91a36da8b260f192cf7ed10d9c
SHA512

0c8ed3f8fccc49b2e3c44c3f777d745d31f93fb9d1858671e19fd0e5b172fe8f523f6d33707fd13f14d40aebdc8bedd9bf77c94cbd91d36166489301b7610df0
SSDEEP

6144:qEii6u9QcFVJi+4IWXiUpODr4FZd5laxhdQXm6AgrRJIp:qED1npH4IIXZd5IxhmfHU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f297d86e115b4059f2daaef5184f0205_JaffaCakes118
unpack001/out.upx

Files

f297d86e115b4059f2daaef5184f0205_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ