389f141c2f554587fc379f9e2ca31a68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

389f141c2f554587fc379f9e2ca31a68_JaffaCakes118
Size

192KB
MD5

389f141c2f554587fc379f9e2ca31a68
SHA1

10bfc1e335da6b724bb59d1523a80bb99110ac60
SHA256

bfdd3a5f660bf4843d1aaa249a8e775de1f06140bb6ddf0b3880ab67dd793395
SHA512

cd1da7a161f5e883a75fc9d56fd9339b279f37a75cf0af4a4f809bf49d343d360da6c7e70c1aea3a29b69876fe1c3dd31958f576ebe77dfda717d19497ce4214
SSDEEP

3072:Wd7uNZ5o9U5QY1PVJrH4W8JKwDf2QJZ3Ev5lBUStQeA2Qmg3eHOOCIv:IsZ54czrH4W8Jt9JVExk6Aj13ds

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
389f141c2f554587fc379f9e2ca31a68_JaffaCakes118
unpack001/out.upx

Files

389f141c2f554587fc379f9e2ca31a68_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ