3fafadbaa3408fbd91dda5bf2f645068_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fafadbaa3408fbd91dda5bf2f645068_JaffaCakes118
Size

1.8MB
MD5

3fafadbaa3408fbd91dda5bf2f645068
SHA1

8b7cdf8f811ec50be83a3bbb0e682067cfb32eb8
SHA256

e0d2e7ba50f39ca7dc6980b1847f17124638e7b0097c8d33180ff35dba614f99
SHA512

35ff516b8a5fdfd57138e4d3b22d64d51aacfae64ce284d4c2c4b62672c8c007a6ba62a3111859e249f52cd8a087a3c73f0b770b2def8ad93b5dcae8159901d0
SSDEEP

24576:eTeZJ8NI8kRd3XRon66+6Uvay6V8eEerQZb+md4wm2j:/8kyxn8xerQZbd2qj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3fafadbaa3408fbd91dda5bf2f645068_JaffaCakes118
unpack001/out.upx

Files

3fafadbaa3408fbd91dda5bf2f645068_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ