b5fbe5b905e365f212e9ed69c2dbdd58_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5fbe5b905e365f212e9ed69c2dbdd58_JaffaCakes118
Size

2.9MB
MD5

b5fbe5b905e365f212e9ed69c2dbdd58
SHA1

c6d0912fbd3c5e29d9bb8a98b1e547362eabaaca
SHA256

12d0453d388cc2771c66040c989d942bb6d10879ae7f396236cd030f226d25c1
SHA512

f6bfb360a16ea1e65e525e779574b1bf2f0a34639e4aea857f905b6eb5aa696adbaea9b54c7d6e41223e5bb50da0cbe99f29420117fbf204a2c59b92f6a4b13b
SSDEEP

49152:0ulrm6CUI/G0+CP5qk9Wyg5466A9aq0s7Z1kbUyluoRadIiyG0QbWZkKpuvbtJyg:/nMJP5ei66Tq0st1kplucy0G6kKpkbtz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/????.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/????.exe
unpack002/out.upx

Files

b5fbe5b905e365f212e9ed69c2dbdd58_JaffaCakes118
.zip
????.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 528KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
??????.txt
????_????????_????????_psp??_????.url
.url