329e3c06d9fe137c5a805d65f315290b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

329e3c06d9fe137c5a805d65f315290b_JaffaCakes118
Size

176KB
MD5

329e3c06d9fe137c5a805d65f315290b
SHA1

d404e7d3d597817110f58b523997f8ea86535d08
SHA256

3467a856b24231b633c45e5af7f3a2c452e415bdfa22c3fec2b5969f62ca89fb
SHA512

36c00bd2dd32607da508ed8ed0731f71e4464b5cf4e9de404ab16509cbddc2cfd530201790b02de89291fa8144921d6244640116388e98860afec71170d496cd
SSDEEP

3072:s3GgI5hh/Ij4gt+/ig/YB7xd+kWqz+KOnLNaEYlRP08hKzv3fGosrLhR9qPlRsAC:Lj/Sk/9q9IklzOnZa3OpvkrLngPl2AcV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
329e3c06d9fe137c5a805d65f315290b_JaffaCakes118
unpack001/out.upx

Files

329e3c06d9fe137c5a805d65f315290b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 472KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ