104d4ea9e313fdaf626328a79adea6e4_JaffaCakes118 | Triage

Sharing

General

Target

104d4ea9e313fdaf626328a79adea6e4_JaffaCakes118
Size

414KB
MD5

104d4ea9e313fdaf626328a79adea6e4
SHA1

d2d66dd4cdbf50dcfac841fa0afe0e493d5f5bdf
SHA256

9d09483d618688fc4abb7d3fc60aff9be545db7d5ccba192d3a835932ff2fbe7
SHA512

721aa89d9fd73fa891812dbd625424a72f005bca8b2b30b1552bbfb9d58e7c506a0e034cd9ad2f68135bd4a58bb1359959a7c027f6e75e4a577fd751645ce651
SSDEEP

6144:PuOkb+kzG9zwvZBHJkhufhLTeQmSpSZWR5Pbrl13J6Fw2CZbUUMWoPR:aEenaI2QmSIK5Pbb3J6S31e

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
104d4ea9e313fdaf626328a79adea6e4_JaffaCakes118
unpack001/out.upx

Files

104d4ea9e313fdaf626328a79adea6e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 410KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ