35b093ffe18dc49eb163ada8b1105ec2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35b093ffe18dc49eb163ada8b1105ec2_JaffaCakes118
Size

625KB
MD5

35b093ffe18dc49eb163ada8b1105ec2
SHA1

bb498d3748a086d36e30941bdbb46ec6b56d9cdf
SHA256

f0d01b8e9f9f0a627b03376d5600d800f2a13419656b659da97526d484ca9b38
SHA512

3295ee333c6110ca57f8a263acef9458a592e3001ef65f93ea7c35baa61545337fc366ee36e24f5ea9ec94dd30b9d787626c2671bfacb626e5c936bc68bb4a72
SSDEEP

12288:K7h3hgu97G8azP5V76fATq8iYuiqxjMMjMMZU+vl35HGVfoIpV:K7NKu9Kr5+ATqLYJqxjMMjMMZVNpKfoG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
35b093ffe18dc49eb163ada8b1105ec2_JaffaCakes118
unpack001/out.upx

Files

35b093ffe18dc49eb163ada8b1105ec2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 992KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 514KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ