2a0f766333f8e2cb681196a37f5b4aad_JaffaCakes118

General

Target

2a0f766333f8e2cb681196a37f5b4aad_JaffaCakes118
Size

308KB
MD5

2a0f766333f8e2cb681196a37f5b4aad
SHA1

48cfbdf22bd31b611b7fa57ad5444ac8b116656e
SHA256

263d2a1cd5f351278a6c78caad210b823d3f96b6052561c6b3c074ed87288637
SHA512

a1eaff58baf04be0d9a29d5308a3ebc1ba8b33cbd00b4345d96b6c0831420391f7d04f7efbe86efe4670bba4ba8f85423dfdac3aee0a094f97f331d1622d6fb6
SSDEEP

6144:HAXE2L5g4e/jj+2FIGMWu6Cpwl4itFjtDQeQwLcJq0AA1mtN:HAXbL5W22vCpafvDQPAcDAy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/out.upx	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2a0f766333f8e2cb681196a37f5b4aad_JaffaCakes118
unpack001/out.upx

Files

2a0f766333f8e2cb681196a37f5b4aad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 286KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nfo
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pecrypt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stealth
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PKLITE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lame
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.telockn
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pecrypt
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.telock
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 286KB - Virtual size: 288KB

.rsrc Size: 21KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.nfo Size: 556KB - Virtual size: 556KB

.UPX0 Size: 8KB - Virtual size: 8KB

.pecrypt Size: 4KB - Virtual size: 4KB

.stealth Size: 12KB - Virtual size: 12KB

.PKLITE Size: 4KB - Virtual size: 4KB

.lame Size: 4KB - Virtual size: 4KB

.telockn Size: 36KB - Virtual size: 36KB

.pecrypt Size: 52KB - Virtual size: 52KB

.telock Size: 20KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 286KB - Virtual size: 288KB

.rsrc
Size: 21KB - Virtual size: 24KB

.nfo
Size: 556KB - Virtual size: 556KB

.UPX0
Size: 8KB - Virtual size: 8KB

.pecrypt
Size: 4KB - Virtual size: 4KB

.stealth
Size: 12KB - Virtual size: 12KB

.PKLITE
Size: 4KB - Virtual size: 4KB

.lame
Size: 4KB - Virtual size: 4KB

.telockn
Size: 36KB - Virtual size: 36KB

.pecrypt
Size: 52KB - Virtual size: 52KB

.telock
Size: 20KB - Virtual size: 20KB