046178faa846870d7a8c0fc404d05442_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

046178faa846870d7a8c0fc404d05442_JaffaCakes118
Size

187KB
MD5

046178faa846870d7a8c0fc404d05442
SHA1

ec4438138f41e64c20cc541cc073f24334efbd5a
SHA256

9a657f89b3a712cadfb8fb2982f68f9011daa92c2fd819aded8cd037e322bcfa
SHA512

8ba59aa10be454ded89e0c0f50e67406e7a61fde5091ab117f6edd9fdbad610d3746b521dc602b3ffa78409f0960412e09d68b1bf172e111817c95144f5f86cb
SSDEEP

3072:IAN08ZX7l46lHo5tLqA47fGyaXB3cAoN+zlenWQ0YrSKLClS2+g6LZzApa4au:IANBJ7lD6xqA8OyaXBKN+zleFjrTe2gJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Setup.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack002/out.upx

Files

046178faa846870d7a8c0fc404d05442_JaffaCakes118
.zip
License.txt
ReadMe.txt
Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pad_file.htm
pad_file.xml
.xml