1b2c96b56d6960f910ef5ef4fd947956_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b2c96b56d6960f910ef5ef4fd947956_JaffaCakes118
Size

71KB
MD5

1b2c96b56d6960f910ef5ef4fd947956
SHA1

f4898a15f4b86390c0fe536abed7d013384fe4a6
SHA256

8eda6215c30aa0b1be15bc525ab0b379fd1f260be600dacd1f6556c36f66401b
SHA512

28aec27097cb56a7b02675cef59846a040831c7c5396efbcfea7b354fdf3da08d3019e627a4d02c00f2f273d782141d150b40e106f28994819b535775d5d2f5e
SSDEEP

1536:UMyWsWRl1uH6K3D0dOzRQcSgx0jlfZmVAKwpgitFcPEK/0:ULWDgH6K3ZzCRI0jBZmVcmOFc10

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1b2c96b56d6960f910ef5ef4fd947956_JaffaCakes118
unpack001/out.upx

Files

1b2c96b56d6960f910ef5ef4fd947956_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE