3b28fd0433fef6ecd4c380829870d954_JaffaCakes118 | Triage

Sharing

General

Target

3b28fd0433fef6ecd4c380829870d954_JaffaCakes118
Size

320KB
MD5

3b28fd0433fef6ecd4c380829870d954
SHA1

d2ca652f560b7aa44c4a0433ed6c927685fe905e
SHA256

4772cb5dc0497f91706de28e6af5b8cebc30502179f3ec89b4e334c2c37a1e22
SHA512

433693fb03039cef7700d74a307da496df36ec6d460271b333906aae2770502677ab0832593369e2bf3d2434d840759228b38d7094b06bb1ccfebf1cba2b5ee6
SSDEEP

6144:9Gn+OFNjMmmmV2dygkQg/9gtt+IC8m3MaH951+GB7GflO:AFc0rQg/K3dmrH9fGflO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b28fd0433fef6ecd4c380829870d954_JaffaCakes118

Files

3b28fd0433fef6ecd4c380829870d954_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Jiaozhu
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE