2d7851f20b60c5d9e845640196d7a4a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d7851f20b60c5d9e845640196d7a4a9_JaffaCakes118
Size

5.4MB
MD5

2d7851f20b60c5d9e845640196d7a4a9
SHA1

1bd3f0ed20d86c345ea4021f36d45b5cc146e4af
SHA256

eee2eefefc7c8a7349ad4fd4c28c81edc8dcc96a1cf9996e54de83fe35669dbf
SHA512

fa5300072d26b31f07ec8ec1968a835a6a407ad0c4ded0d6c9d2a1c65ac6e58e4d45262a1f7fb56073fac4c3ccf3259e9cbe250678d350e306beaa47e998e245
SSDEEP

98304:LlMQwZHRn8icRXeZQROEUNV4ZN7y/0bqpll7u0cBo+inYkfdWG:LiQwhpv+eZPEFZxhcll7B+iJfdD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2d7851f20b60c5d9e845640196d7a4a9_JaffaCakes118
unpack001/out.upx

Files

2d7851f20b60c5d9e845640196d7a4a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ