183e72af4974ffc17def266408eb1432_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

183e72af4974ffc17def266408eb1432_JaffaCakes118
Size

13KB
MD5

183e72af4974ffc17def266408eb1432
SHA1

529b5848b0a70a3fa41a50584763a0a23888fa83
SHA256

56a5935aa473cc250851ea676e77b062149a361f2bcfb9647892635b1d76c90d
SHA512

f4864ed6087709c8d68bad948b52e328466e34c9801430625397003150997845f0d1ce1a4c05d386c94e1f320c040385fd09cdc9a4084891cbe4ef4d604051cf
SSDEEP

384:DJULcT5i8wMUpxkQIdUB0rd6pcTTPfBDD:NGknZnQId/rd6pcHfp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
183e72af4974ffc17def266408eb1432_JaffaCakes118
unpack001/out.upx

Files

183e72af4974ffc17def266408eb1432_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ