6ef0ca09a3be36ffee75ce5c59cccb65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ef0ca09a3be36ffee75ce5c59cccb65_JaffaCakes118
Size

377KB
MD5

6ef0ca09a3be36ffee75ce5c59cccb65
SHA1

91a1102019f928b82417c50fd8b2fd91a8cb917c
SHA256

2147bc84ab7b494382b452653f369c7abf396964847a79f22798c74b9deedd35
SHA512

0e55d97281181f0875d02236f277acff76fc9b8121687e01800759030ae25b0e104f2207084cb732dfaf2a319403ebb3ccbce4b75ea9bcb8319060636228eced
SSDEEP

6144:TEm6eN4BlO7uKSIAj9Df9aoYFGoVfX+jT0wEzWQVqUPhUmtBH6/JukdkI7tjiLyS:nXKfKSH979ao4ZVWHbQVqUPNtBeJ/uKe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/Keygen/keygen.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Keygen/keygen.exe

Files

6ef0ca09a3be36ffee75ce5c59cccb65_JaffaCakes118
.zip
Arial.Sound.Recorder.v1.5.9.WinAll.Incl.Keygen-CRD/Keygen.zip
.zip
Keygen/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.khe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Arial.Sound.Recorder.v1.5.9.WinAll.Incl.Keygen-CRD/crude.nfo
Arial.Sound.Recorder.v1.5.9.WinAll.Incl.Keygen-CRD/file_id.diz
keygen.nfo