0e4dfabcc85a4319cf5ffaa1801f2d6b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e4dfabcc85a4319cf5ffaa1801f2d6b_JaffaCakes118
Size

10KB
MD5

0e4dfabcc85a4319cf5ffaa1801f2d6b
SHA1

fc7fe938fd6082df080c80fd31f0624e8131ba86
SHA256

c346203c0643777af7c24f84eb7f61d6f1e97debd1e9eb60cdd6012bd62f6f47
SHA512

9be7aa8bd604412650a8f9cb6694829cb00d0d83545674598fca91c4d2c3372a94d5280d32ec6cd252db437554dae1fec1959eada863b19e19387b17485d343e
SSDEEP

192:7tJS8T1hlJxHRmAEG2zGekuSACttXMfiRXQv55QIO:Zs8T1//RmAEG2Ke5p4RMfihQv3QIO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0e4dfabcc85a4319cf5ffaa1801f2d6b_JaffaCakes118
unpack001/out.upx

Files

0e4dfabcc85a4319cf5ffaa1801f2d6b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ