3cdb104db93b54746cbbe99a843722cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cdb104db93b54746cbbe99a843722cc_JaffaCakes118
Size

714KB
MD5

3cdb104db93b54746cbbe99a843722cc
SHA1

b22e32a11f3e9d8e4f168e0ba0c90640e2227161
SHA256

1400dbe824dc92fc1645e38bc6d9193c7e603309cc4777c76ae8ca8e819a5a32
SHA512

4d98ea0a7fd464990e3d196455511cb848140d85b6b9374c94cb0b4b52f05e18deb71b23e5a028e2fe7531be6c3476cb76c530610e18320e304d94c855d3fe37
SSDEEP

12288:pLtYqWFkUp5j5xyB+DCXNZtb6OomG6yaqAejspwzTnVfZs11m33OG:ZFWFtj5x7ANb0gyaqsmXVfZsfm3eG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3cdb104db93b54746cbbe99a843722cc_JaffaCakes118
unpack001/out.upx

Files

3cdb104db93b54746cbbe99a843722cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 713KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ