3e86edf6426f925b8e89e0c164637c64_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e86edf6426f925b8e89e0c164637c64_JaffaCakes118
Size

94KB
MD5

3e86edf6426f925b8e89e0c164637c64
SHA1

2790a39d118220984a48bafcfbed6fe6fca9c13f
SHA256

14851e08ff0eedacd5d4f5b7f3c4a918309d4eaefc57e0391331fa2e38965d17
SHA512

07312a7017de75eb884b5ea7efd30f8c60d78b4fc58e814475350e820d8ab09b88df15f52932f7f78ba53fc9159f24ace433f7cb513561f6147d474a52a598dd
SSDEEP

1536:mSyCfPTOw13KDSOusnZ0X0THxF2rUcYPzhgE5WoHHljJCVontuEKp:FjDOBJWXgHxFWqFlEVwtu1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e86edf6426f925b8e89e0c164637c64_JaffaCakes118

Files

3e86edf6426f925b8e89e0c164637c64_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05c7df6d575c13faf78878f9450f3b20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

Sections

UPX0
Size: 91KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1024B - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE