31e01e75cf4d9cca16d3acda0032ed99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31e01e75cf4d9cca16d3acda0032ed99_JaffaCakes118
Size

71KB
MD5

31e01e75cf4d9cca16d3acda0032ed99
SHA1

cf18735bf57482688d69c1bb08242ea5649120d1
SHA256

1e0dbe4056a26ac53924d671f3360b1a328291c059dccf5c67cab73dd7f3b84a
SHA512

707165c2f687c4227001a64300d691ec79700834bfb35ccc37c0d6919af504c41156137fd0fd9cad83464b20687878eddd8682418489451e52902b9316cbdca7
SSDEEP

1536:Qc3oS+PDAZEcjbxmxl48R9wKYSEzL6C9cYcRvTplP1Pac:QcbTxmTodSEV9c/plt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
31e01e75cf4d9cca16d3acda0032ed99_JaffaCakes118
unpack001/out.upx

Files

31e01e75cf4d9cca16d3acda0032ed99_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE