4881e98dca2c4b6c928b290d3a781f12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4881e98dca2c4b6c928b290d3a781f12_JaffaCakes118
Size

51KB
MD5

4881e98dca2c4b6c928b290d3a781f12
SHA1

166a99c05bbe08cbe2a5d6c3a8d397b63a37f8a3
SHA256

4022be89bd4bd5065bc22116879b4ff3648dbc026d5b928cf42ef45c8dca87f0
SHA512

59b272e3ea67fb667b740e6d836671e2f942977562780196dcbf9296d3f85d5e0bf476a96b82de32d986199839a4499590528f210b6a44beca78a2e310f7595d
SSDEEP

1536:GRfVXr2q6VH7PP44sBBe9SlyfyyCbX49oG+IXJ8PwYe0BRg:GRf9Sqq7Yz3ZX49oG+CrYg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4881e98dca2c4b6c928b290d3a781f12_JaffaCakes118
unpack001/out.upx

Files

4881e98dca2c4b6c928b290d3a781f12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ