4a1ad1de83c5e506df3d28614c1744f4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a1ad1de83c5e506df3d28614c1744f4_JaffaCakes118
Size

1009KB
MD5

4a1ad1de83c5e506df3d28614c1744f4
SHA1

ea2d1e520374b18861d7814416a2257832bfce98
SHA256

9b344bcfecab69bf75afd327db4bb409663adbc352543e09a69b51f2a7e1764d
SHA512

a648acf1dd8b4f088c4caf1dd32f74029a3aebf6451560b39648bf824b134adcc17da0947a3cd7a759e53bb2460ca64e49e62119272f2a4a0c1d1f0f6cda9aca
SSDEEP

24576:CtARvl3LEAcH9fXqiJqiQ8KxchKKL+nOu:CtARFri9BJqiGeKKL+Ou

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4a1ad1de83c5e506df3d28614c1744f4_JaffaCakes118
unpack001/out.upx

Files

4a1ad1de83c5e506df3d28614c1744f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ