2bd6c0cff797d232a8143a8211df90db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bd6c0cff797d232a8143a8211df90db_JaffaCakes118
Size

7.8MB
MD5

2bd6c0cff797d232a8143a8211df90db
SHA1

0a10f87114a66a6ca45a0a8c7fd334ad354ac199
SHA256

a1fb29c8f8a4df32cef4d59ffd7f371bc3241de9bf17bfd07699c4daa0093f94
SHA512

8eac5027cea0cdb9819229a2aba895a3cae9f5638d92aabc693a1fca6d2564a83105d86fe41e6f56195bda9eb13d94a04e4c422b01b8b55c0b874a531febef43
SSDEEP

196608:47effIPEsy58doQaTxLhQyZbIly38doQavqU/yE/QTly38doQaogBqfiKQQnSByN:47effIPEsy58doQaTxLhQyZbIly38doA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2bd6c0cff797d232a8143a8211df90db_JaffaCakes118
unpack001/out.upx

Files

2bd6c0cff797d232a8143a8211df90db_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.bss
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE