43baff168ab9527c9ecf712d8ca832c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43baff168ab9527c9ecf712d8ca832c4_JaffaCakes118
Size

68KB
MD5

43baff168ab9527c9ecf712d8ca832c4
SHA1

6b4aca6462a8dc7c61eaae6e273da87b7e3ccda3
SHA256

1ad32950579b71959fac7219fb8bac6f861c3663ef2305a1b5ad0c772589ca00
SHA512

4eacf6b67ed1bb3264f97e7ee116f6f56e5714804589231c0d54c39ff7708798cb699d2e53a21a9f4b60a6c518f794b465336cccc8736cabdb8fbbf16d16dc1c
SSDEEP

1536:Sq1m9D0fHaSncAAf8oeWiHY+yet4rLnEDLPiBsFNHHcPEXlAZNxY:N1kGH9cAqV8tkoLPi6HccmNm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
43baff168ab9527c9ecf712d8ca832c4_JaffaCakes118
unpack001/out.upx

Files

43baff168ab9527c9ecf712d8ca832c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ