9ce58cce64b73d17d924aac203807657_JaffaCakes118 | Triage

Sharing

General

Target

9ce58cce64b73d17d924aac203807657_JaffaCakes118
Size

144KB
MD5

9ce58cce64b73d17d924aac203807657
SHA1

fb74920e4323dc2c2926f2c2849f0c2421eefa5c
SHA256

5681aff1b1ed5b6dfe345d3b0347f7d06873bd00eb21a41ab451b5957e1e8671
SHA512

4892a64f22fb3410445f1fa7b7014af969720ddd6d39adb53881f3f1b507631b20882cc2c11b3bd3c8178e6ca2a17305b68187925ea71f7a260b04e08389c243
SSDEEP

3072:E+Y7eG1F3DqY4NIvrVwYDNN3uKjdS1q4u/XV2K17Ty/Oy/jsoAOY7Be:E7z1pewDVwYD3+yeuvVd17tIjO8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9ce58cce64b73d17d924aac203807657_JaffaCakes118
unpack001/out.upx

Files

9ce58cce64b73d17d924aac203807657_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ