4b1b81872308eed16a62790b1c291227_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b1b81872308eed16a62790b1c291227_JaffaCakes118
Size

105KB
MD5

4b1b81872308eed16a62790b1c291227
SHA1

327fa655db77c789c397a46c5185e3e619af3301
SHA256

0be07ebeb709e2932b50b7c98c9de48280a8dbdbcc02dd607142518baa85e189
SHA512

e5d328d71c1f8835b7630f89ff57a68d68cfc6759b958c577f63da75cf178ec737584872a2becccf6f580de10cfc9dbbb50b36428e90d40b1c9601df557ceb64
SSDEEP

1536:aMpyhQ/TFTVCqxE/9rW3CIIvYISwsLAddrY1gYR0eC5snR7R/Ckb4myrma+XM:aMp/TFTk9rNkDLnllMsnRN6kbbyrr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4b1b81872308eed16a62790b1c291227_JaffaCakes118
unpack001/out.upx

Files

4b1b81872308eed16a62790b1c291227_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ