3efb4ae097b48c3dac6f7b19b5960c2c_JaffaCakes118 | Triage

Sharing

General

Target

3efb4ae097b48c3dac6f7b19b5960c2c_JaffaCakes118
Size

381KB
MD5

3efb4ae097b48c3dac6f7b19b5960c2c
SHA1

df9ef4a0c3e6b38d5623e7a1b4dc4a6b08afc84a
SHA256

00d77d6043332462cf25ee96e865fb37eead5233c285e267c3b7331c2f1b132d
SHA512

99a82fc4c77683c41c1adee990b8f766ffe8187c8aa108e136a64222ce0d30a0c705a2ae96dabcbaa21ed29ced222a0a18d4fd6d8ed09993a9eba3f5c1a21e54
SSDEEP

6144:5qKDx/I+Zm3zTWLZ3ge/XVDgBSC5fVsZvguS9ulY1J2l5FzDRh7egWsEtj3exIw9:5qKDS+cDaLiefVDCSC5tovgLoYnQ5Frp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3efb4ae097b48c3dac6f7b19b5960c2c_JaffaCakes118
unpack001/out.upx

Files

3efb4ae097b48c3dac6f7b19b5960c2c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 329KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ