349194ca9eb9166967f6fc7d2b6a8713_JaffaCakes118 | Triage

Sharing

General

Target

349194ca9eb9166967f6fc7d2b6a8713_JaffaCakes118
Size

16KB
MD5

349194ca9eb9166967f6fc7d2b6a8713
SHA1

50e36cc7992e2acf0e2696b090aa41daec73cc80
SHA256

d485b84fc54049f4d2462757f4f09c91a9a132dcae40277bcf0a310338f0620e
SHA512

d7b47c03f876222ea64c222c1ed9435502ff7ed7c128ec923e902005008be36bff5d0b73795c6b98062eb44d1477c09388f5e73bf2a6975db4843fd1d0fc8ecc
SSDEEP

192:fjvX98aK+81/U2NssT43aBWulfcWtUdwgzyhnuPtpwa3tLXOW:7vt8egPxTO+fNrgzinkbZDOW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
349194ca9eb9166967f6fc7d2b6a8713_JaffaCakes118
unpack001/out.upx

Files

349194ca9eb9166967f6fc7d2b6a8713_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ