5ab89eda68c1f0c82d433a834105cc57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ab89eda68c1f0c82d433a834105cc57_JaffaCakes118
Size

26KB
MD5

5ab89eda68c1f0c82d433a834105cc57
SHA1

6eaeb5b32d41d15305dd5d9cafd474cd725f89ed
SHA256

313d7c8feae41f05892e97c3f12b82081349638ace13384cc949d45ee325f1e4
SHA512

9db9cf5b69c7708c3521836873ab3c840081cd29425349ada47f8745d6fe99563f3720e9ef8dc9fdaaddf29ce84d08c1a6d9dc0415ade8d36aae4323102bee8d
SSDEEP

384:0EpSA9kPscJLUQvMLDI7CM20e8U7QlLzYtDV3vBBv/GrWs7RH8x25WsKdDgXkAB:0Ef9kL/h/20d4QlwtZrv/vyRQ25cDg5B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5ab89eda68c1f0c82d433a834105cc57_JaffaCakes118
unpack001/out.upx

Files

5ab89eda68c1f0c82d433a834105cc57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ