064b9ce3bc6ddf376c5ad798b7001bbd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

064b9ce3bc6ddf376c5ad798b7001bbd_JaffaCakes118
Size

283KB
MD5

064b9ce3bc6ddf376c5ad798b7001bbd
SHA1

b1e62fcb68bd34731db0c770596758a85847ca12
SHA256

f04838e7363c927e1ac3f34f28c3328c3673ef9c31a843e36af56eb2d59dd62c
SHA512

e5cafaa0d77c70f6e998699473c6145981a159d270e004fb52939af4c1298a3cf311290510f00f20e8c6be4a3442ed477dbbdd70199869a26ab4e19e6b3a53a8
SSDEEP

6144:55lDqj8sTmtOJKSB99Vhy2uwCtEON9bYV+sVcV/No2kOYjyzSQdP5:59uNMw99Vh8wOEOf0V+sC/NoOYje5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
064b9ce3bc6ddf376c5ad798b7001bbd_JaffaCakes118
unpack001/out.upx

Files

064b9ce3bc6ddf376c5ad798b7001bbd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ