03f3af2d96a6f521db1f20e034bcaf82_JaffaCakes118 | Triage

Sharing

General

Target

03f3af2d96a6f521db1f20e034bcaf82_JaffaCakes118
Size

154KB
MD5

03f3af2d96a6f521db1f20e034bcaf82
SHA1

75d8cb55f8561144f49ad8c8eb6e0f9bed627a09
SHA256

c57b2e52d46622801f5c20b361f925b3114a8f30d21d5648342d2a1e67753710
SHA512

7a9d97e625f8063b5a96a1b29c0c625a1316bbe8cb3f9d3ea0d4f2ed30d9f64f2bf8f4c77859a6ee6ccfefb3632c418a455883c8fed52c82ae9d395d28c8f424
SSDEEP

3072:CuLBllwbD4jgjUSeU1S10Fn2JiP04sThnWLdo2KjnJqazv:CM7UjML0FciohnWB2nM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
03f3af2d96a6f521db1f20e034bcaf82_JaffaCakes118
unpack001/out.upx

Files

03f3af2d96a6f521db1f20e034bcaf82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ