364d74f198e6043bc5680094bed6cc4b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

364d74f198e6043bc5680094bed6cc4b_JaffaCakes118
Size

16KB
MD5

364d74f198e6043bc5680094bed6cc4b
SHA1

0bcaa730017201f943e9def53f44e5e24ac730a7
SHA256

c0b483084b7135c34d5679b8fa679f75ffc57864c89fdb61cdef7f61a19c9700
SHA512

f1d2213c530e9e5dfcf918df9f0b093aa6abc8e2d81492c1faf1f160e1e00b5a6c8cff513519976a3a003eda2dd90d5003005dea9eca8f7f6be0bf354fab4036
SSDEEP

192:SRopSjKnT6FP5luu5DNI5sUkHf0mBvz4RmGpioxBvENEpLmZd/nrP3TyvwP7FbCq:SWQ6CPDD0sdHfnum5CbKh/zP7VC35k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
364d74f198e6043bc5680094bed6cc4b_JaffaCakes118
unpack001/out.upx

Files

364d74f198e6043bc5680094bed6cc4b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE