b76a496ce3c6a8c454d49fb5b4bfb10b_JaffaCakes118 | Triage

Sharing

General

Target

b76a496ce3c6a8c454d49fb5b4bfb10b_JaffaCakes118
Size

57KB
MD5

b76a496ce3c6a8c454d49fb5b4bfb10b
SHA1

9b9de65099a708abfc9191ff7f63a7df5b0deff7
SHA256

ab44ea3d8a8cca09d90e5f6487de2164c8d4b0f0ef4a3587049b914520f6ec28
SHA512

d8f362bb3aee2a7fe8b151afecfca1be063469a1b165ebb527e2fb45f761056e0196de006e68f1c052ab031b09141e4847a9db235d01fd0ed5a73befc1f9f0b6
SSDEEP

1536:GAUTafMgN0gQzT4eZzFIfyQ7dsUmTR5g1:ygCDYeOfysKU0Dc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ac-fpp.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ac-fpp.exe

Files

b76a496ce3c6a8c454d49fb5b4bfb10b_JaffaCakes118
.zip
ac-fpp.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExeS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
acme.nfo
file_id.diz
keygen.nfo