1674c31024e43eeba47069ff34959111_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1674c31024e43eeba47069ff34959111_JaffaCakes118
Size

77KB
MD5

1674c31024e43eeba47069ff34959111
SHA1

d28164d5111ab23ea8c42ebc488498251d61079f
SHA256

35db421c13d2fad5044e31080095d90a8954990db11265d4e7601129bf556901
SHA512

21ffe8531de104d81c98f0784798fab1d1772f0f7360397ebffd2b30693391654a7dca3a0a3a90c130ae88ea43968eb6dadc9c3d9aed3034b6f306b0c120cc41
SSDEEP

1536:oEUo9viCKzMePVBN4kbx7VB6a0t2YP7wGf6nzIPVRmZ4G9/xkBjlp/H:IMvi5zMePVP4kbxhB6Lt2YPsGScV4NoB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1674c31024e43eeba47069ff34959111_JaffaCakes118
unpack001/out.upx

Files

1674c31024e43eeba47069ff34959111_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ