05f17040c50ffd68df134ebd94fbdf57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05f17040c50ffd68df134ebd94fbdf57_JaffaCakes118
Size

52KB
MD5

05f17040c50ffd68df134ebd94fbdf57
SHA1

9444b5d08818eb9dbd8f8ccd35356af876d84378
SHA256

faa499bbf28fe8d52763c5f0d5e86b5f97d97f437acd74bc6b2cff10526d48dc
SHA512

cda8a30787e38bc7cddfd00698cdc7cbe079d1157facaa487ef855d749958fcd1337d472ffe653a21d13402d3c2d6ec1b3bff0a7111ce20e4f2995e48d2e1270
SSDEEP

1536:CMqRadI1yZOCgOPcBoT38zh/x0cdmu1kC:Z+gI1Mz78h/x0c8u1kC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
05f17040c50ffd68df134ebd94fbdf57_JaffaCakes118
unpack001/out.upx

Files

05f17040c50ffd68df134ebd94fbdf57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE