300b63babcb62372efd43d743e86f533_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

300b63babcb62372efd43d743e86f533_JaffaCakes118
Size

6KB
MD5

300b63babcb62372efd43d743e86f533
SHA1

2bd0b7ff906009886c70f1c8e0e36cacf76a4392
SHA256

faeff58dd83dc3406988b89371fb12ab0104e81d42986d19c883074309aabc2a
SHA512

9029dee2a873be966fc408a7e3f81341e6b49fdd9e4e5ca8a5a89db7ba63d358ed78874ddaea653372b752d846e1ecd74aa36e0e226f02667d1d7d41a60afeb4
SSDEEP

96:vS0mESjfGpIpT4xlKEFxEyH1gXtFr2OklJJBBjgMzuGczH30Zdw8+x337VU7:vWESy5KoxEyH1gdFajlj3jgMzbcRD3rO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Foto_ID.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Foto_ID.exe
unpack002/out.upx

Files

300b63babcb62372efd43d743e86f533_JaffaCakes118
.zip
Foto_ID.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ