0dc99ae8849835f45316b68113f223fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dc99ae8849835f45316b68113f223fc_JaffaCakes118
Size

38KB
MD5

0dc99ae8849835f45316b68113f223fc
SHA1

6ddae898b94746f8b31db9bfd0742f3eda1638cb
SHA256

dcdf7a22b04a978da6f0e4e7256b666a9d15d68862b04fc8a7bf438884b42af8
SHA512

b4f0565250c421318c0113ef3eba570b88f318081967a5709daa463f29412b5c4d1c4c51ffa3e0f6999b0ce9a3c338e3936f57e496b088faf3dc3e6a6cfb172b
SSDEEP

192:+RbZ9rSaoJ2+DBh5kIq5H8rzjR3OhkLOrYSf9sg6zn8ToJJ2Bp3S/PQGxOSByuf:MZcaoPBXkIq5ozV/EYSfyQo2P6PQsBf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc99ae8849835f45316b68113f223fc_JaffaCakes118

Files

0dc99ae8849835f45316b68113f223fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE