2f311f638b4235eab2d01e4bf5544b8e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f311f638b4235eab2d01e4bf5544b8e_JaffaCakes118
Size

56KB
MD5

2f311f638b4235eab2d01e4bf5544b8e
SHA1

40ddf588d8f2248c76813b960337b69f602c0bcc
SHA256

bd5f1f90b9e5fd32cb889564d3a28f37e7ef38153c65fa8324e93f5c15107912
SHA512

06feb26babfbec455b272232e2657cfdc634178c7189af9f5bbf5c7fd5a6ebd3e4b8a1925e8cbb418b726f52b412e56cd842751cf0733b456b202932f4c28914
SSDEEP

1536:T6b9mIfgvCH9iatBu8Yo9FvbFlFsFuYRKYUgnck:T+jfgvCdN+o9Z/FskqKYXnZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2f311f638b4235eab2d01e4bf5544b8e_JaffaCakes118
unpack001/out.upx

Files

2f311f638b4235eab2d01e4bf5544b8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ