41b2a077e1e891ba844adf6ab8a43542_JaffaCakes118 | Triage

Sharing

General

Target

41b2a077e1e891ba844adf6ab8a43542_JaffaCakes118
Size

484KB
MD5

41b2a077e1e891ba844adf6ab8a43542
SHA1

35a9835bef64585e0158eae756dc3c20af95cbae
SHA256

41e434601c61e7b07cb49a632ffadde1e56d183e02380c97f2fda04e52ce3a22
SHA512

c9beb9cf1e690c9d282f52883648ca445e4f814167b4352cfa5dddd29ec988a94bc7aa014d9d05e994e68d12ab4c2482193e74231dfd8542a8486a21037dce3d
SSDEEP

6144:+Bebc5F2/Jk1SEr9CgvAFldJn3AqXP5uWqeR3AcH05RkmG3b15JFV/aCpDnbT6y6:iR5gt4WzzVwMwFG3VdbiyEJig

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
41b2a077e1e891ba844adf6ab8a43542_JaffaCakes118
unpack001/out.upx

Files

41b2a077e1e891ba844adf6ab8a43542_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 482KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xd
Size: 654KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE