4900feca90bbeccf6d62c3aa60f55226_JaffaCakes118 | Triage

Sharing

General

Target

4900feca90bbeccf6d62c3aa60f55226_JaffaCakes118
Size

81KB
MD5

4900feca90bbeccf6d62c3aa60f55226
SHA1

e5ef964957c98df59ecc5d34f8fbe75f2164d2b1
SHA256

e747172bd1f4c259026c2e5afee40c41e6aa9a668886db1bfd1044d1da510bb4
SHA512

d99b5e38e279d59de20a342407804f1d6145a18a01ae810f14f4ac530a192bc020fce483c005cea628a585db03cbc120bf068d9ef70a403200cbdc084be158cd
SSDEEP

1536:BY+G+/bvNjLT/t3ogmgwrfMdXWASGazLhV/m2BPGgM4D1lN1n:8+TvNjXSgBwDYGBVDDPBM4hd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4900feca90bbeccf6d62c3aa60f55226_JaffaCakes118
unpack001/out.upx

Files

4900feca90bbeccf6d62c3aa60f55226_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE