24bc6ce3e6470b800ea8bfbb40ce51f4_JaffaCakes118 | Triage

Sharing

General

Target

24bc6ce3e6470b800ea8bfbb40ce51f4_JaffaCakes118
Size

87KB
MD5

24bc6ce3e6470b800ea8bfbb40ce51f4
SHA1

0ce932790eb18151c80ed1858d6b44ab79a4c236
SHA256

21dbca7af1fa595c7e646ffde9df068c8f5830851ebaf3f7087888d5bf05e899
SHA512

a6512e46327cd051881ae6f00cc17cf001dc2a8ec1a249cf272415eb651123dcb66d9355620e408fc50dabb38e4aa5deb18a088ce00677e96586175f72bd4fae
SSDEEP

1536:1o40MznFNe/lWTIu8NHQyPnzjMZkyy6pY4JPRawVC1pCsxFXse4G50SYDEbUeFb:epynF0cQFnEZkyy6pY4JUNDsg5b4E/Fb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
24bc6ce3e6470b800ea8bfbb40ce51f4_JaffaCakes118
unpack001/out.upx

Files

24bc6ce3e6470b800ea8bfbb40ce51f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE