32ab3a33a281c76f62f0b9a1013d1b10_JaffaCakes118

General

Target

32ab3a33a281c76f62f0b9a1013d1b10_JaffaCakes118
Size

32KB
MD5

32ab3a33a281c76f62f0b9a1013d1b10
SHA1

bf276a231cb901b9fe4f2a7f3a2c37c3b4faf8bf
SHA256

2a00eb89bd199da5a6e984db384a14ac2d8c9bb03221796c684df35532612f60
SHA512

7313590f4bc4e920258c49df2e77768fb83a9a10a027d9976af3059882361af788ed275eabf95daad32e3deaa1da76b486d4108433110d696ecdf62f0cd941f6
SSDEEP

768:h54FtXgT3vzPNfKHLzPeLZo7C3yDCfv/GfTXHz2QFYsrBE3dS:wFpgT3rVf62Q9D2OXqQhI4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

32ab3a33a281c76f62f0b9a1013d1b10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

75:7c:e6:cd:b8:61:76:8a:41:af:ac:b1:a9:48:73:74
Certificate

Issuer

CN=LinQuan

Not Before

31/12/2008, 16:00

Not After

31/12/2014, 16:00

Subject

CN=LinQuan

Extended Key Usages

ExtKeyUsageCodeSigning

11:c7:da:51:a1:50:ef:56:75:dd:da:7b:f0:ab:c7:c1:88:79:34:9f
Signer

Actual PE Digest

11:c7:da:51:a1:50:ef:56:75:dd:da:7b:f0:ab:c7:c1:88:79:34:9f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:7c:e6:cd:b8:61:76:8a:41:af:ac:b1:a9:48:73:74Certificate

Extended Key Usages

11:c7:da:51:a1:50:ef:56:75:dd:da:7b:f0:ab:c7:c1:88:79:34:9fSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 29KB - Virtual size: 32KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 38KB

75:7c:e6:cd:b8:61:76:8a:41:af:ac:b1:a9:48:73:74
Certificate

11:c7:da:51:a1:50:ef:56:75:dd:da:7b:f0:ab:c7:c1:88:79:34:9f
Signer

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 38KB