5aa0170c8a9251c6fb7a2390117a651e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aa0170c8a9251c6fb7a2390117a651e_JaffaCakes118
Size

66KB
MD5

5aa0170c8a9251c6fb7a2390117a651e
SHA1

5309703e3f4ea154306c9ca0dd416522217d4268
SHA256

6dad0c3d2a3a70fb72ea30809c8ce1fd89b8589574ed831cb6e39290f49bceb5
SHA512

25373afd3578e0d2924b52d1a68f7f7351a7937f402647159799a0770daf3f620d91bb73b0d6b9a6aff08583bc54f49875fbd9e31edb5636b87242bb8be2bb36
SSDEEP

1536:cShMHJevk7jGLO6SdeOV20RiN7wwGi1CM/YaIk4W:c8MHlQSdeOJCEMPIkx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5aa0170c8a9251c6fb7a2390117a651e_JaffaCakes118
unpack001/out.upx

Files

5aa0170c8a9251c6fb7a2390117a651e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ