5c472a97312bbdd52509b441a1c1b9a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c472a97312bbdd52509b441a1c1b9a9_JaffaCakes118
Size

91KB
MD5

5c472a97312bbdd52509b441a1c1b9a9
SHA1

c39864f270ad565123d4ec413eda15e3a232b5f2
SHA256

22fedc263988516c6af464e324a081e6e9931d6901f417d99ae0e96e5549bde0
SHA512

8827e4507b08b479ac6696cf559b5199e1100a0fdd8f28b3b555ffe1f1a6e8927167e7a8f7347e7334c0ccd641865e7acd74a3e980b6aea9c33fa29eb620cfe9
SSDEEP

1536:604q4uiPVxQpvwXFuRWKZoAwavf2N+KyUQRoQdhvXddA678+1s9aro4:6bVSeVuRe1avfc+Kq24tdA67drp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5c472a97312bbdd52509b441a1c1b9a9_JaffaCakes118
unpack001/out.upx

Files

5c472a97312bbdd52509b441a1c1b9a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ