482a7438b308a5e4423f481a673f66fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

482a7438b308a5e4423f481a673f66fa_JaffaCakes118
Size

85KB
MD5

482a7438b308a5e4423f481a673f66fa
SHA1

aa5e7b71e476a191615eac5f92818a22d9682a1e
SHA256

c236e5086f4bdb3a77a39c052ecda44ec1a18973ba8f7a4a0ee30ddaa6be82f4
SHA512

3b1588cb7a68d3a9fb86b9334a6c9008c0cbf3d0fa9c39f1e632c36f6bcced0cf00b0e804772fb4c39e502df42f8752e14d4beb276093a8b1a9b091d3becbbff
SSDEEP

1536:E1hW6SB7uifz9F+6pd91/x/8dJZ6j68S/AelBj48oWkCsfCx30BkqGhn:0S5ukF+u/xk6helBj+B4pn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
482a7438b308a5e4423f481a673f66fa_JaffaCakes118
unpack001/out.upx

Files

482a7438b308a5e4423f481a673f66fa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ