066fe3ad2e2039f411b5d188262a6281_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

066fe3ad2e2039f411b5d188262a6281_JaffaCakes118
Size

206KB
MD5

066fe3ad2e2039f411b5d188262a6281
SHA1

f765189e4f2a34cacbfe73c3dcf1c100dde3a5f3
SHA256

addf519ae671caf1ba6bc8e6672237b3ed4e20b8df931423eed4a160b6d56006
SHA512

e6386a93471d42ad21f6d500811ae1971f1557b515affc9ae99dbf1b99545203c0dc0881ebc66f26332d1349b1848cada630d90d413fafd77518f1074caf4a11
SSDEEP

6144:CqC4Xpn50uKq969kE8YHDADTZKHnbszJm3PUMf:CqC4suK5ZdHsDMHUm3PUMf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
066fe3ad2e2039f411b5d188262a6281_JaffaCakes118
unpack001/out.upx

Files

066fe3ad2e2039f411b5d188262a6281_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1016KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE