3097754e1ae857d24a2a528dd970240e_JaffaCakes118 | Triage

Sharing

General

Target

3097754e1ae857d24a2a528dd970240e_JaffaCakes118
Size

190KB
MD5

3097754e1ae857d24a2a528dd970240e
SHA1

4abbf5bad710acfe646e89ecd9b0d785e9185e13
SHA256

6377085c8d01ef03f18c432a359d262e9ef4b41a43407c6841776adc3bddc0e3
SHA512

cbf498834616cc2e07774c53cbf7af6e236f7cb636624eb9004b6591af354db38e3892b839f9eb7659e679785625d413d56e72716ccaea4dc7c72d6c2eed6d51
SSDEEP

3072:G0msf0VukyQ8MkbohHRsIASAGJk7HzesrRLbCeiA5jiNr7nN+HbrziplmeQ10Bxy:GRsf0Vuky2kb2GIASAnTzdrQairZ+H/b

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3097754e1ae857d24a2a528dd970240e_JaffaCakes118
unpack001/out.upx

Files

3097754e1ae857d24a2a528dd970240e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.2MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_MEM_READ