f7b0cdc9d7a20b55b5ece91e5fb72fbb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7b0cdc9d7a20b55b5ece91e5fb72fbb_JaffaCakes118
Size

6.0MB
MD5

f7b0cdc9d7a20b55b5ece91e5fb72fbb
SHA1

a21e08ad0100b6c4386c5d2a7f5d4afe80367bdf
SHA256

13cee193c2da0e1c39f5d8d9b0cd89d363523c7380b4c9749d1c164f476e95a7
SHA512

7d668e92e56fba0228b5e3602b1fcdf1ed714f32fe00f9b8d9e60e1077fe6fb4096a34e030de2e2977b2c7438d37fbb354723142bffba920461bae299abed6e5
SSDEEP

196608:47effIPEsy58doQaTzwZ8Jq3ELhf8cHpLG8doQUofydE0xi58doQpKnybCXbv1hD:47effIPEsy58doQaTzwZ8Jq3ELhf8cH1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f7b0cdc9d7a20b55b5ece91e5fb72fbb_JaffaCakes118
unpack001/out.upx

Files

f7b0cdc9d7a20b55b5ece91e5fb72fbb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.bss
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE