2d1f176f6224d30bb21af2c1de69f1d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d1f176f6224d30bb21af2c1de69f1d0_JaffaCakes118
Size

199KB
MD5

2d1f176f6224d30bb21af2c1de69f1d0
SHA1

2a32581e70c31fb7637e0f72daf051a8b5934b44
SHA256

1897533681e33636c4140a4e9342ab9cc4c914eab22b946382fe9b0dc2d259d4
SHA512

e90b4d5877c09c328424ee8aac285ffeced2c0a64fd3b1852521b313d5df0fefa4954aed5e7ee65dcfd9929d517a611d4e6b8e09742062cf48d5d6a65a35d339
SSDEEP

6144:+J72DUF/KktI2BPs+RW7iYT02D8WeEE2O0AVvDnm1:+l2ctzHRVa4EE2lAtD8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2d1f176f6224d30bb21af2c1de69f1d0_JaffaCakes118
unpack001/out.upx

Files

2d1f176f6224d30bb21af2c1de69f1d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ