30cacd4a6c3970c34761ea43a28bed94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30cacd4a6c3970c34761ea43a28bed94_JaffaCakes118
Size

39KB
MD5

30cacd4a6c3970c34761ea43a28bed94
SHA1

f48cd2f438a7cecaff2fcc1b8a92c70e360494a0
SHA256

c8d7287c37ffab0bfdaee5ae556c26bec91b7663ac4962a14569b839ae54c647
SHA512

9ddf272e276188a46b5a2a23417c286ae5a0579d368b94334b71854a1a0f2b4b4f4d681050fa7fb94e3e5f8435f8cc57ce7f0483fee26e55fb7c5b214b61dee8
SSDEEP

768:KtM7RjpqEVZ/sQFmH9S7i8tWCupoV1VsD9WZ2L:KtsppLsQF0M6cUL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
30cacd4a6c3970c34761ea43a28bed94_JaffaCakes118
unpack001/out.upx

Files

30cacd4a6c3970c34761ea43a28bed94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ