5b4963e5a3a3aa41bcbf8cbab0c35fb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b4963e5a3a3aa41bcbf8cbab0c35fb7_JaffaCakes118
Size

136KB
MD5

5b4963e5a3a3aa41bcbf8cbab0c35fb7
SHA1

2b7318054e590b855ab2bf3e4b710129bb5e1eea
SHA256

bd3607f2e8a9c79c72a4f83342001dc63ba3e8e02bee86b6193f25dda6588afe
SHA512

f5b1b57a6fe85ecbc24e0f3152b1def802e6162cbf7aeed218e14d4e6ca57054775fe26923aa084c10aecee1d0f4ea9bda92f659cb6760306e22eea794d60f94
SSDEEP

3072:LaNF+nwuxphRYDsFrHnzU3grVyTOVuCbpajRDM741i/NU8bOMYcYYcmy5TA:Li+wmphRYQxzUayFCbpsaWi/NjO5g

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

5b4963e5a3a3aa41bcbf8cbab0c35fb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

647b2d25b4821905b4195ff7a6455b54

Code Sign

0f:05:05:ae:8b:e9:b8:bd:4e:fc:a0:60:c8:94:3d:2a
Certificate

Issuer

CN=1,1.2.840.113549.1.9.1=#130131,0.0=#130131

Not Before

31/12/2007, 16:00

Not After

31/12/2107, 16:00

Subject

CN=1,1.2.840.113549.1.9.1=#130131,0.0=#130131

21:10:cf:2d:1c:1c:4b:69:29:9e:f0:eb:ff:69:08:6b:e8:ba:43:d2
Signer

Actual PE Digest

21:10:cf:2d:1c:1c:4b:69:29:9e:f0:eb:ff:69:08:6b:e8:ba:43:d2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

UPX0
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE