274a3e5ae9de5f6358713c50f9553d49_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

274a3e5ae9de5f6358713c50f9553d49_JaffaCakes118
Size

240KB
MD5

274a3e5ae9de5f6358713c50f9553d49
SHA1

d7ebcb9657072ea9f57aa3758290f9a0c97d9140
SHA256

1af36aff5dac3377e1e6c64bd8cfafd73eb06d5ef9dece0358f3c39cb8e879db
SHA512

c9271529fb1a3a9cefb4b86b6d6d2ab6e2186b12f8fc5139e1cd44ab6159e7461d8f24599b8983f87e5269af933c587f32485632cfdde0c4d35971d1bb67830f
SSDEEP

6144:IgPK4kJc+p06xFyaOYT3gJPBsFmdtHPWElNzlixnrWyA2lL54:hPJkK+5FyaT3gV1vT1ixnpAml4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
274a3e5ae9de5f6358713c50f9553d49_JaffaCakes118
unpack001/out.upx

Files

274a3e5ae9de5f6358713c50f9553d49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ