5c44939a17925e6a4bb784223ae61525_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c44939a17925e6a4bb784223ae61525_JaffaCakes118
Size

683KB
MD5

5c44939a17925e6a4bb784223ae61525
SHA1

582f96c08784b3c50aea10a88172ba7b92eec4e2
SHA256

60750834fe006dba6f8b6e6762f42681bd3035b92f9cfbdb2f9884843564d25c
SHA512

68b9df427a7789100e46d767c3babae8af631932a3f7fec5ffe58e16707a061bdd5a5f0f00bc4bc2db41f086e43bd09feb9b05f0a51b4cbb1fe2e8d6a3237bb5
SSDEEP

768:l68C7xrH1KAp1LybH9agg56Agl+gBJK0W1+XpaEuT+fvm0EJESOHg+:48QxJydrWgsgBJpgapaTCSOA+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5c44939a17925e6a4bb784223ae61525_JaffaCakes118
unpack001/out.upx

Files

5c44939a17925e6a4bb784223ae61525_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ