4e11badd9238186c4eea76ed20da79b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e11badd9238186c4eea76ed20da79b5_JaffaCakes118
Size

108KB
MD5

4e11badd9238186c4eea76ed20da79b5
SHA1

47d6686df2374558a8cbe0892a329e23bee11e4b
SHA256

c6de81cea71a30d03efa97ace7713c88c9164cecb5dfdb58b12b969b79df2595
SHA512

a5c55fd62ef9a68c83c3e8a461dfcc8dc2da60f3bd7172e7d0bd7e4a81352cc00cd7ba84b533f7af6afdcb674710049d0af4fb82eb790561d1e03f39b34aeb68
SSDEEP

3072:3ojzQzOpQQ5r/BI/S1rwjccU7uvusN9y3MvaO5MzJhp:3ow65ScrwwcnWsNw33O52R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4e11badd9238186c4eea76ed20da79b5_JaffaCakes118
unpack001/out.upx

Files

4e11badd9238186c4eea76ed20da79b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ