31a49df0cad65e6b62214d68e3ec4e43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31a49df0cad65e6b62214d68e3ec4e43_JaffaCakes118
Size

605KB
MD5

31a49df0cad65e6b62214d68e3ec4e43
SHA1

9eb050dc350617da70890e95051bcf864d13e285
SHA256

b6a38295a87d20d3d0e8d2646e230ebf19bed236cc1f9975f728791119b4ea95
SHA512

0183cf948041a38a4d5fee059f1139fd5bc9bc91b82206f80732b48dd18ecb38fb503141f3449b0a1d4ca48b86efed0a37af9f0c66e2e551b95094abc97c6f18
SSDEEP

12288:Ph+kFwZdy9GJawKRXHKu9ExXAcg84qTUSqeM:zis9GowoKu9qXXg84qTU3p

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31a49df0cad65e6b62214d68e3ec4e43_JaffaCakes118

Files

31a49df0cad65e6b62214d68e3ec4e43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 537KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE