5bd21935f6f94d572a33552349ce9ab3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bd21935f6f94d572a33552349ce9ab3_JaffaCakes118
Size

116KB
MD5

5bd21935f6f94d572a33552349ce9ab3
SHA1

d32d9294d4215ef4dc6fdb5af65c0cab9b74e322
SHA256

5d9f90575fdf7cfec2020faeefa4c22e9bfdb4841b0e020584b650f06bc4e036
SHA512

b0eaec6cb23e7d11933c8c149aef1e6442692758cdb32e10d4a6fb4678781ba4ea35e9cf03d65e8acd7ae7961900a9654f61304e5906748c35b9f7fcf7d79ebe
SSDEEP

3072:MLssyFbuSM91jT1Dx0inLpIgMHW1qEv+aJe1mgawzxsBub86cjIHxowox:MLEy53T1Dx0inFQNEGTV5n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5bd21935f6f94d572a33552349ce9ab3_JaffaCakes118
unpack001/out.upx

Files

5bd21935f6f94d572a33552349ce9ab3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ