4537368ebfd9eccaaa3131a72c83f2af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4537368ebfd9eccaaa3131a72c83f2af_JaffaCakes118
Size

338KB
MD5

4537368ebfd9eccaaa3131a72c83f2af
SHA1

827896b90af160cef1a94d37641b042771319359
SHA256

23a6f9262e58c820d4e560e1ad3a7b5c92108357c3619cbcf0814a899cdd09bb
SHA512

c0f3b7231d3f2d6804dd1ea7ece502ec8914ee47a32201d6a9588722cc44e151f8cb4cb274c4f82bea30f3f53afac04882ffb4511007d5b907058bbff865a058
SSDEEP

6144:n3UBWIdkJ77UytzqRQlqYE9ChaoVul2mOZXo1YykFr8XHyfW90Wf3NvljCaVpCUj:n3oKwvRQlZfVuX+XOYyzifW9Nf3ZpCIH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

4537368ebfd9eccaaa3131a72c83f2af_JaffaCakes118
.dll windows:4 windows x64 arch:x64

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28/08/2020, 22:17

Not After

28/08/2021, 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

39:16:c2:d6:6c:a6:76:36:de:45:05:e2:4d:68:75:e4:4d:0a:a8:76
Signer

Actual PE Digest

39:16:c2:d6:6c:a6:76:36:de:45:05:e2:4d:68:75:e4:4d:0a:a8:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllMain
_Z12initCallbackv

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE