44d770c8e8f812f0a895d05d439d142a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44d770c8e8f812f0a895d05d439d142a_JaffaCakes118
Size

378KB
MD5

44d770c8e8f812f0a895d05d439d142a
SHA1

3b4605c29f976e2eb72bb9da436b665995a2176d
SHA256

d1742cfe9b86e5c16c89c0b584c6c9d82d782c29561a8f791b455cca7eec5fee
SHA512

49de73c6453542d39504d9a58190e71997e8d752881f1bb0a912d6506ea1958148caee31a585c016a5a42b45e065767f8c8e9f8599d4d05aed7e65080b679ef8
SSDEEP

6144:5NmKSSY5SeRGOmfxUTnbl4kFGdRVKn405AvOCY8v7OiCUC8tzj+RaDlEODg45eZh:CK5Y5HNmKTbl4k0d/K0O9oCX8NjTD1DW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
44d770c8e8f812f0a895d05d439d142a_JaffaCakes118
unpack001/out.upx

Files

44d770c8e8f812f0a895d05d439d142a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 374KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ