3a822ed84896436eeea9f6432aa249a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a822ed84896436eeea9f6432aa249a9_JaffaCakes118
Size

15.2MB
MD5

3a822ed84896436eeea9f6432aa249a9
SHA1

5061bd7002395e7e8089f6ba963fbe56ee1fc29b
SHA256

7f3d83f430999b9a7cd1f2219df1256225e85b235058d4d68dc323a8d368b7e8
SHA512

c7b6d23f2e31e06c183e64cced490069275239acb57f7a9b315608e4ad8a6610fc6e2fbba0c5e12a52742aec76e38b7c4c093cf6b0d293784054a3821902d956
SSDEEP

196608:Igmy0+z4wpRn+l3AjLC+XAvMeFsYFJ+PydDC3FqvsK/8qfPPohW8Evx:+AMqR+uXQvMGyFqvsWP8O

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3a822ed84896436eeea9f6432aa249a9_JaffaCakes118
unpack001/out.upx

Files

3a822ed84896436eeea9f6432aa249a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ