4d3be65429082f319b5656bc83044715_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d3be65429082f319b5656bc83044715_JaffaCakes118
Size

25KB
MD5

4d3be65429082f319b5656bc83044715
SHA1

7dbd68bf8c93af0a40dfa0ffa179c29de46396ff
SHA256

8d66b2bf237d0c9e2789a1e9c3e837bb7ef019d8649b62b4077be0df46948c90
SHA512

6cdd6d4ca5a5ec9fedfa5bb2892f253a95fcb2b3002c9dcebebbda734652f69aebb1c374613d7e70b111e9150965af615e580f9a8d774a9b44af9f8d1973536c
SSDEEP

384:eoe19OAAEGREsa3DC1xlPWcYrLr5m2Qed67U3mqbAispiPUBWNiZgYl+:RmATE9zC12cYr82QedOqUi+vEg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4d3be65429082f319b5656bc83044715_JaffaCakes118
unpack001/out.upx

Files

4d3be65429082f319b5656bc83044715_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ