3357ea8b6b6af30d970b6f2ad8dc9e32_JaffaCakes118 | Triage

Sharing

General

Target

3357ea8b6b6af30d970b6f2ad8dc9e32_JaffaCakes118
Size

79KB
MD5

3357ea8b6b6af30d970b6f2ad8dc9e32
SHA1

577120d18bfc351d4d67124afdd4575c5fb69c8b
SHA256

d4a45a30c474cce5a4730a7fbbc061e0fbde1b180e79ea98871ab9f1905939af
SHA512

9bb73e45dbf10d797da8cf5b44b47fd772813c2fae09cd67e58dbd86201ad5371047092a89f3ecb40d68fb1eb8ec7b249c02f360700c1783680d2b64f32be859
SSDEEP

1536:y4cByAlnenQPb6TiBXhuo2hI0hwyexCWDvChRBYAuRNMfx:ydyjQPGTiBXX7iwytWDahRBYAuN4x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3357ea8b6b6af30d970b6f2ad8dc9e32_JaffaCakes118
unpack001/out.upx

Files

3357ea8b6b6af30d970b6f2ad8dc9e32_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ