3eeee79c0d47d566474463b275673ebf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3eeee79c0d47d566474463b275673ebf_JaffaCakes118
Size

54KB
MD5

3eeee79c0d47d566474463b275673ebf
SHA1

7aaa88296e1bc8d93c740fcc605aefc17e88d3df
SHA256

41bbf4c8ab274e45ea24ced1066491eed24ead15b3522e0f9a3fb9c419aa9c23
SHA512

4cd2a2e20ad502f8055b3c2d09f0c3ff3a9af84339550b92474ebbc99a8fd22048ee5507119125f8d3c64c4571349986b8325edb03dc1a488319aafe7df98a59
SSDEEP

1536:ojLjUEBIr4zKe1YBc92i2zmeYZwqNIsRD82Z:ojLXBIEzv6M2i2CeBgHGy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/eclgn220/eclgn220.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eclgn220/eclgn220.exe
unpack002/out.upx

Files

3eeee79c0d47d566474463b275673ebf_JaffaCakes118
.zip
eclgn220/ECLiPSE.NFO
eclgn220/eclgn220.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ