4aef3ca09ccc8c920be126cfbe07329a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4aef3ca09ccc8c920be126cfbe07329a_JaffaCakes118
Size

424KB
MD5

4aef3ca09ccc8c920be126cfbe07329a
SHA1

1286644425d6a2deb86b44077383555a9c67ca03
SHA256

10ff0ff1d33a90b6d9f0904774bc07417eb93a41894654c3a9c1ed56dd6efbb8
SHA512

dacfc05b82c93c3521fb11f62c78a98e95f40f888b8e51f0d565274d1b976aebb214bddd8cb6cab97ce8d4584bf91419d837a311ae05025d8e6f821f8b2e51c8
SSDEEP

12288:pbX/SHZrevW2SjVKwkTBLD9dC09itX6tfTIcjK:pbXQ6vWLAw6C00wW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4aef3ca09ccc8c920be126cfbe07329a_JaffaCakes118
unpack001/out.upx

Files

4aef3ca09ccc8c920be126cfbe07329a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ