0ef0b8d7cc6b6844771e02217455b62b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ef0b8d7cc6b6844771e02217455b62b_JaffaCakes118
Size

103KB
MD5

0ef0b8d7cc6b6844771e02217455b62b
SHA1

96f3e63949ed753f18ef94fae4a7f9df58f0bfa7
SHA256

15b1492c82e57a1d493646f2236ffddd7f9f048c3f9273a33d55751f0ef610f8
SHA512

d2c8d7df4b86da5341aa541d31c7d3a1b2e4ba9d39363b1d94d0355404919a2d3addcd76dac141dc4ff6082131efda522e5facc7c4af196efc116a5ad0494253
SSDEEP

1536:Vjgq3Azs0Ny3s5T+d8wIx/0if7ZTNvX/TOZ4rEA27w0BNWUz3z7ifI:Z4bNkYThx/0if7ZTucz27wYWC3P

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0ef0b8d7cc6b6844771e02217455b62b_JaffaCakes118
unpack001/out.upx

Files

0ef0b8d7cc6b6844771e02217455b62b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ