496cbe6f6041c03a67198487edc0f55c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

496cbe6f6041c03a67198487edc0f55c_JaffaCakes118
Size

4KB
MD5

496cbe6f6041c03a67198487edc0f55c
SHA1

a5d84b156ce459cea2f9bd72529c0849a0a9a544
SHA256

7d09fc9fb71a1416cbd1d71f547f0fe62e8718f9839ceb10c7a2ac7f216a8280
SHA512

138e15907811ddc991477a48b9a0a9156b5fafc2033a514754bbdda6c2b7116a68aca5353d4f819d449986c7238cf52f3040a793ca001b287e7966b85f287820
SSDEEP

48:Ck2J64mwZPm3W5p3cO0xcdYzw3CF1O17ARYx9YMKElhWSiQrBSmBiSeJY8JTa5rX:92EL+e363pDKin7Y0jQSJ9F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
496cbe6f6041c03a67198487edc0f55c_JaffaCakes118
unpack001/out.upx

Files

496cbe6f6041c03a67198487edc0f55c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE