0228e3e9d5f66d7542d3fbb599c44a37_JaffaCakes118 | Triage

Sharing

General

Target

0228e3e9d5f66d7542d3fbb599c44a37_JaffaCakes118
Size

33KB
MD5

0228e3e9d5f66d7542d3fbb599c44a37
SHA1

c93f3d355fe4220c6d5671caa307aa91b67dd672
SHA256

b7860bc861a956bf28cee842842f4bb34a812b382b03d08f03f534f6e404289d
SHA512

889c39b90048906de6ae676397cfe310cebe4ab2dc2640aa5c5aba22fe270c47fa2c181500d5c981bea8b2d80196756eb479a69bfb2dd3a9595aef742cc14600
SSDEEP

768:d3N8k7XqFdWZWQQm9fD019NCJvnW66h0Pl2q6Ke+q3wJET8OqjJ:FN7XqPjQQmhD019NCJuMgd+6nm

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0228e3e9d5f66d7542d3fbb599c44a37_JaffaCakes118
unpack001/out.upx

Files

0228e3e9d5f66d7542d3fbb599c44a37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ