4c31cb2cb2ed81df0147cc31bdbd2fef_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c31cb2cb2ed81df0147cc31bdbd2fef_JaffaCakes118
Size

750KB
MD5

4c31cb2cb2ed81df0147cc31bdbd2fef
SHA1

3664adf394d903b2216a715d83858e13c7e45074
SHA256

c538284dfb95308d64b7c4d72b64b64de888da404051c8ff1d1991eea0682a06
SHA512

8882aeb0b4a7590faecae35bdadd107dde8b16abb61d804985c5ad9e947d41c2bcf497060a381ab94c92c872d7f89e31e101875f93870fec9b4e5f50c9fdfd94
SSDEEP

12288:UAssFTpvTChzxk3clcgPD6VmsB5D1hyJRtFOtvBuyS6R/0lN0Md+TL+w:UalveFxsscTmew3t6F0lN3d+T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4c31cb2cb2ed81df0147cc31bdbd2fef_JaffaCakes118
unpack001/out.upx

Files

4c31cb2cb2ed81df0147cc31bdbd2fef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 836KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 748KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ