0e6c3081b534618e47c2a07b5c0ad393_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e6c3081b534618e47c2a07b5c0ad393_JaffaCakes118
Size

152KB
MD5

0e6c3081b534618e47c2a07b5c0ad393
SHA1

54ff3d1e02eb96dba3fb8016805c8b4d51d6eb83
SHA256

25d6e70e66db4056bcaf9c3074227a75a556943c6afb81f9a452e4eda697e48b
SHA512

f662491dfabc0f3ec8d762819ceca13a97e4c93a7c12040305d34b04c4b079b7fad4fd4e44af1c26400d6c0f63b9bfd0483824bb0fc24be2dd3752884222f6c8
SSDEEP

3072:wVAN67I69781KTIWydNZehAKeMgx3hTINnM8BVlfTNBDDLDJcx:wVAs94KTGZeh8MI3cVl7Ox

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0e6c3081b534618e47c2a07b5c0ad393_JaffaCakes118
unpack001/out.upx

Files

0e6c3081b534618e47c2a07b5c0ad393_JaffaCakes118
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 357B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ