39ab5bcde1cafaad881e3d1366539205_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39ab5bcde1cafaad881e3d1366539205_JaffaCakes118
Size

235KB
MD5

39ab5bcde1cafaad881e3d1366539205
SHA1

1aadb9e68e10eec7c7db48221dde07d7b6bd6a46
SHA256

ce3bdba5a6dea12656f1d6df88e8850cbbefb8064cefe36dbcc9be8067aaaa6c
SHA512

efd5bb93677e7e0878affd18f28e7a54074a897daf4e274240106ab2332a9c2a6d98c71c7e5e069155233d40da10961c61e240a39f5f36397f26eae003da5312
SSDEEP

3072:OSDdX9bkxiZFtfvXojEqkqoXThP6UugpQ2/GpMPh4hIpRvoAeF3xmAaBAA0Ci96Z:d99xDtCRs9NMphQonWAaBAVCuoxzggh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
39ab5bcde1cafaad881e3d1366539205_JaffaCakes118
unpack001/out.upx

Files

39ab5bcde1cafaad881e3d1366539205_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ