0b1341c0202fee840f7c7b1ec8440c4c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b1341c0202fee840f7c7b1ec8440c4c_JaffaCakes118
Size

274KB
MD5

0b1341c0202fee840f7c7b1ec8440c4c
SHA1

09327f1e5915fc46a1c32734f0c5642d14fa6b06
SHA256

46ebe7717287b63394370544a03ca68e4cfc8c632f5624979fb7b7644990ffec
SHA512

91afd7832eaae58c15e98b61178ffd9f9e49664255f63e74bcccfc300c52a485d9b692b9b8b0c64e44a2cd3d5edd42aa1792f569c058a9fede3d030681c9d589
SSDEEP

3072:FnTLoKJFlN28xMFmSEoDX0khkkkjNeuWb8X:Fn4KNiAkhkkk4hb8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b1341c0202fee840f7c7b1ec8440c4c_JaffaCakes118

Files

0b1341c0202fee840f7c7b1ec8440c4c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

init

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ