159ba01ba9c960f42cbcbc1ad5863493_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

159ba01ba9c960f42cbcbc1ad5863493_JaffaCakes118
Size

116KB
MD5

159ba01ba9c960f42cbcbc1ad5863493
SHA1

dca838c03a3a431506d233aa35e857a3168847ef
SHA256

f03a823af363da3440f64d86fb5e9ade1b65681399caa6c50c402b543a6672f2
SHA512

827e9c8f70bc40992a88fb33716b3e2c9ff9ba151189e1d5bc6700a96d7b1f3b13afc698fe2b0bfdc677fcf0dbb17a9193b8e86985c971582a48bdf24842961b
SSDEEP

3072:wE3GqYW4No+0P06GvAhN2AojCoG7zmLyEZA203XKasr:w4GqYNQPcAb2AojUrEZq3aaO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
159ba01ba9c960f42cbcbc1ad5863493_JaffaCakes118
unpack001/out.upx

Files

159ba01ba9c960f42cbcbc1ad5863493_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ