47545ca8427d5017ab1b20ffacbd145b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47545ca8427d5017ab1b20ffacbd145b_JaffaCakes118
Size

378KB
MD5

47545ca8427d5017ab1b20ffacbd145b
SHA1

e74956f6900927d42effdc0d4b49cb127ccc5bbe
SHA256

555a8e32d4e78ec2d9e290d087c930243bff9c119200a2b720a238b8a623aabd
SHA512

2a8a2f5c4936daff29630fd24b09a2de4a1fed0d9e53d021161164b1a5a6c49045945e132f9281ebf458891a35f99c0ab2d3220ba95ba06674165b75bcd71389
SSDEEP

6144:TYI3TKkXn1o6bzipMQSJl6aPipAbkVjl2UtNVKYNGH9b/w/8IOmkSBnjSIp5Rv1q:DBX6Ctl6agAwVRr9tK98kIOcjdp5Rv1q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
47545ca8427d5017ab1b20ffacbd145b_JaffaCakes118
unpack001/out.upx

Files

47545ca8427d5017ab1b20ffacbd145b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 362KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 720KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ