35b76d1040efac4285712aeda18a2ca9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35b76d1040efac4285712aeda18a2ca9_JaffaCakes118
Size

80KB
MD5

35b76d1040efac4285712aeda18a2ca9
SHA1

64dcb2a25d9d62c54380a151dac46b0344265c75
SHA256

d6860d80de563bcec73ea61c9a8fdc5fa9be2184b73cadb95f39ac7e0c84137c
SHA512

f2641bae08e425de4db31f85a4999e78e3b63042b5825d49032d263967a709eb4cdf126643c20b5ddc0703bc62e6b1a0a4fa07692d1ed2b6001b763b641abf0f
SSDEEP

1536:dgoGlxIkgOZOTBgs6ayiM8Fqgo/rAdrmC9bgXxnb7JtTMHqm1zod:O/lxCv6ay8Fqgo/rqrf9bgBvJtM1K

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
35b76d1040efac4285712aeda18a2ca9_JaffaCakes118
unpack001/out.upx

Files

35b76d1040efac4285712aeda18a2ca9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ