0feedb4039ec5dc4f75586ac90cbb6f1_JaffaCakes118 | Triage

Sharing

General

Target

0feedb4039ec5dc4f75586ac90cbb6f1_JaffaCakes118
Size

105KB
MD5

0feedb4039ec5dc4f75586ac90cbb6f1
SHA1

496a6512672b33aa6dce9b531ee9f5cb3d4a1fd6
SHA256

da4988e08ec9de6ab0c9a8739702e4a757ca27043b5debd5e337479c652e2c2c
SHA512

91760b47eec30ebc8c941b99ccd3dad6a6a4c33f04c324718dedc695dbf904fe4fedce1cb3974cdd1a2046f5129067371837af3b091c94d998c0098400713657
SSDEEP

3072:a9Dz0wArrM/pxlY8iMUaS4Z3488EEj0E6ES:oAc/PufMv3kju

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0feedb4039ec5dc4f75586ac90cbb6f1_JaffaCakes118
unpack001/out.upx

Files

0feedb4039ec5dc4f75586ac90cbb6f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ