282f183b1549ceb0a303f51685e7f73c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

282f183b1549ceb0a303f51685e7f73c_JaffaCakes118
Size

14KB
MD5

282f183b1549ceb0a303f51685e7f73c
SHA1

8296520a91c7cdb43f98cf3893835eae4b6331c4
SHA256

91e26865f2547b9d598e9b96a4aa0559e6e9c23779fd6533b6ad5b152a78366c
SHA512

3fda0dd6bdec6b94cf999ef81b82892677b7d5f3c9c44cb0f1b9e9a9f0bd2fef2dc3adb9fa2383bfc570791c89eb18cf5ae4b0d5fafe5ebbdcb4e2544f2b18b6
SSDEEP

384:NbIkmAJdjQ/yY0djwXlp56eHrrlCsdH7y:NMlqdjQCJI7UeflCE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
282f183b1549ceb0a303f51685e7f73c_JaffaCakes118
unpack001/out.upx

Files

282f183b1549ceb0a303f51685e7f73c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE