1c4795a76dfe76ff516d04c9a15fce75_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c4795a76dfe76ff516d04c9a15fce75_JaffaCakes118
Size

82KB
MD5

1c4795a76dfe76ff516d04c9a15fce75
SHA1

9adccc5c53eb4000c0947f58e39182ae39394f52
SHA256

d4b96da8aab247f33b9323b318402d8f4b8509825bc8d8cc3f8740dbf593695f
SHA512

a7b04fa218b98cd69009dc61683740cc213803a9e9f5d06d89218d743b44c59f631941acba33cdb2792cb36a7064a08ba1658d4823a896ebcaa82d4e14102c8c
SSDEEP

1536:dzY8yLYP6ohmxWdzuCli9gmTaSR3OW1Bib3eDhI6Se1TeMcIN0pPJPRyQ5JBAH:JY8yi6Gm0dKE7SR+1buDhz6LxJ6H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1c4795a76dfe76ff516d04c9a15fce75_JaffaCakes118
unpack001/out.upx

Files

1c4795a76dfe76ff516d04c9a15fce75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ