2cfd4a7f68d4e06b7d80508de47e3a05_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cfd4a7f68d4e06b7d80508de47e3a05_JaffaCakes118
Size

7KB
MD5

2cfd4a7f68d4e06b7d80508de47e3a05
SHA1

d2bc1c533345b1fe0494c419ab88925c826360d8
SHA256

226ec9b5814d87f216bc2a0201cb0698e7393e167eb90d83ff238a390443556d
SHA512

27945bfc1019d521d94526ca4b6418c7fba60829bd5ca62975c1bbd4785086b831fe4e5651c1a13327026934f302626c4fa016aa308694b9009ac569e5574527
SSDEEP

96:W0wAUN0+orCS9vaTGNi9ncHlos0Q07lzfAeS4et1:Ayx9yx2H9Vt1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2cfd4a7f68d4e06b7d80508de47e3a05_JaffaCakes118
unpack001/out.upx

Files

2cfd4a7f68d4e06b7d80508de47e3a05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ