0e82d731e7180293b53128fbc3f355b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e82d731e7180293b53128fbc3f355b0_JaffaCakes118
Size

12KB
MD5

0e82d731e7180293b53128fbc3f355b0
SHA1

b55a2360ae310fafa002c3d206c220c215987e76
SHA256

d2b2a81e755e6113bd07dbaa47f726621286841e069797254e326fe490707c38
SHA512

5dd68169618830f42aa4eadee536ab68fb23e70db341a9f04230d1beceb8e5af5808d9c01d022278384c54678762e62ef4e8713fac5ef5f094f034c2718f1733
SSDEEP

192:RiwIdE1kF7HBGC7pBxNCurZtTtliqe9m6G2yuEEMXj848LCUaZrnoQBqJt:rME1kn5jxNTXa9p9EVeChSft

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0e82d731e7180293b53128fbc3f355b0_JaffaCakes118
unpack001/out.upx

Files

0e82d731e7180293b53128fbc3f355b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ