26651923f21cc599294239442bf66d37_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26651923f21cc599294239442bf66d37_JaffaCakes118
Size

70KB
MD5

26651923f21cc599294239442bf66d37
SHA1

9549fbe37b1a0d80b576e1aa6950e3c856163c32
SHA256

fda7869574ad5fc19bee263a4130ee2d528453e43cbfcb3829502acec22be760
SHA512

c45641d74d145f710381ac7bb4172e658f5f0eb08ae5a8117362432016ea808df40034cd917f9822b5bb9ff810366de30037929485a48fbacbb5204c04e2cded
SSDEEP

768:7BxZkRQh2VWGstiSSWDfThplIcpmiBPh5iE79gD0sgDmGU/kF4EJRQV6rEHfUf+7:7BxAJatiSZrUiBPfiE7qR+MAEHucOzU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
26651923f21cc599294239442bf66d37_JaffaCakes118
unpack001/out.upx

Files

26651923f21cc599294239442bf66d37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ