169adaf99501b8f3235d79f2d4bd6df4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

169adaf99501b8f3235d79f2d4bd6df4_JaffaCakes118
Size

11KB
MD5

169adaf99501b8f3235d79f2d4bd6df4
SHA1

b3232f72ed65622d9baef7c43067921286c0b9a9
SHA256

3a26bcb93b70c246420c9cfddd31f99479a29d73a698bc1c21415d019e044494
SHA512

85eb847baa336990680757c7aefb38e9d83c38d10bb3a541b17d4eff4a0718495b8c5522e0dfc1261419a89bd838f67be071dc4e2123ec1177dcc14f7054f09e
SSDEEP

96:tAgA+0PR487m32sInw0Vx4NHJ000R36lIKOQJKodya9PG/yvdnZCRA6l73oBPpMf:ioUmVVQZqlIKOQ5ne/hbT+rOXgJU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
169adaf99501b8f3235d79f2d4bd6df4_JaffaCakes118
unpack001/out.upx

Files

169adaf99501b8f3235d79f2d4bd6df4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ