358da6007662cd6cb36b44f473fea764_JaffaCakes118 | Triage

Sharing

General

Target

358da6007662cd6cb36b44f473fea764_JaffaCakes118
Size

101KB
MD5

358da6007662cd6cb36b44f473fea764
SHA1

e8cf6afbf7b0a86ddab588e45179713e1b35b328
SHA256

5d7305e6416f610891e7682ba88b5d0798e3fe830429ea2ef7a3af3936ee785c
SHA512

416f215fade4dc43052032109a43e48df49be84d164b204c84f3d34df1867c5c3c51662a961f9ebeb07410109fce0e07fbe36eab47f54865ed0227e43521da64
SSDEEP

3072:fDcLAo50eUOZyiO8hGZUyq/CwU5jXJToY:rowl9ZUENjp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
358da6007662cd6cb36b44f473fea764_JaffaCakes118
unpack001/out.upx

Files

358da6007662cd6cb36b44f473fea764_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ