42f7c6a849c3a921b60b574cc5b26b20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42f7c6a849c3a921b60b574cc5b26b20_JaffaCakes118
Size

91KB
MD5

42f7c6a849c3a921b60b574cc5b26b20
SHA1

992198844e0983ee4d045b3370539d91e3ba2eb9
SHA256

3cd2c86fef298f0cc0f8acca1e78f3c262df2799b2f40a5ee8f3ebbb4661b0d0
SHA512

d7e33d6d8d6f2df41e2412574c329d4268623cbaf0e8d31c71daa75c6f2a85c83ce9ab30fec31a2017a89821d58f56c03de004a515cddc8b83bfc743ae1d2e45
SSDEEP

1536:crhgIX2kLepWZOsMVMrSAPz0gWyxEQ0uELMCqODKSlRZhQRS5XBBN8I1lx/PGrsb:c3GSep2ONVEPogTxP04+DKUWSRhVErsr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
42f7c6a849c3a921b60b574cc5b26b20_JaffaCakes118
unpack001/out.upx

Files

42f7c6a849c3a921b60b574cc5b26b20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE