2964ad1ade52113c6e2e2c9ebaa19804_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2964ad1ade52113c6e2e2c9ebaa19804_JaffaCakes118
Size

700KB
MD5

2964ad1ade52113c6e2e2c9ebaa19804
SHA1

a8ce406f62bfdaf797252a306653567220a57229
SHA256

82f4cc298b54cf3bcc3626fcb8b001a17916682d5d4d4b0da28b713fbfac15b4
SHA512

6dc3925d306d5c86b233c41676b550d144dd7517b4ccd286f019d07744611f40c14885d431394d85e2bcf7ed5b0d0591800f236a12519edb637154e202aa748b
SSDEEP

12288:yPkOAOF0zV8Nyy5PGHTFS0DTl4Wwm4x1KRR1WIsJzySxAk9nMi/upd1u:jV8NyQ+HpSmqPsU1xAk9nv/uFu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2964ad1ade52113c6e2e2c9ebaa19804_JaffaCakes118
unpack001/out.upx

Files

2964ad1ade52113c6e2e2c9ebaa19804_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 904KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 697KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ