26d9c3a19cf0d2cb73efd324a2b3bd6c_JaffaCakes118 | Triage

Sharing

General

Target

26d9c3a19cf0d2cb73efd324a2b3bd6c_JaffaCakes118
Size

90KB
MD5

26d9c3a19cf0d2cb73efd324a2b3bd6c
SHA1

0332a4a7b088fc503beadc5ae71c8324f4f1b766
SHA256

2ecd62c02eb903d1a209ef8b89900259072ca49e100479e4803a6e25afcba94b
SHA512

63ea9b3276c16a70fc9cc7e5fc1ee084ea3ee13a97a7d514c6f14bf6306af6dbd70dc5a0548144dfc9ed490e3fbaf7c5f94cb372647c52659054b3410b09286e
SSDEEP

1536:vs0O1mBa8dp3xSxT8C3dTxKoMuGd/o5LAx2o+BWm39NA6DofF2DvzSfuH6VUwBbJ:E0O1mB7dpslx3dTcNuMCBWM9NA6uFQM3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
26d9c3a19cf0d2cb73efd324a2b3bd6c_JaffaCakes118
unpack001/out.upx

Files

26d9c3a19cf0d2cb73efd324a2b3bd6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE