0a37868c5bb735eec655ae8546581d94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a37868c5bb735eec655ae8546581d94_JaffaCakes118
Size

149KB
MD5

0a37868c5bb735eec655ae8546581d94
SHA1

feb83f8f95044f37e7f4444fcc8f718204ee8eb9
SHA256

03f9002f2b9a04c9924e828d5ce854d6b8e42cedc230af95a2fb202640276d60
SHA512

9262292ecb5ceced6ee63d8239e967fd50d2b074173bdd1d6ae09b41c9c74d40da5566344d91c4a0bf9b11ca79ef5b5b68d62e85de4009d8278190007d4d5e2f
SSDEEP

3072:zipH5ml2sG+PIMDhFh89+Dhyw1tts8jm6osH1NxCQU3E:2l22sDIa3h80D4w1XHmtsVNxCQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0a37868c5bb735eec655ae8546581d94_JaffaCakes118
unpack001/out.upx

Files

0a37868c5bb735eec655ae8546581d94_JaffaCakes118
.exe windows:10 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:10 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ