5d181cfb7197e456297041f2b177cfdd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d181cfb7197e456297041f2b177cfdd_JaffaCakes118
Size

50KB
MD5

5d181cfb7197e456297041f2b177cfdd
SHA1

7c67139ffee7d2927ea2a26b63d2ca7940d20034
SHA256

1a8f148120c4e0b97b179a162eec92ea7f42b9b33ef9213a6fbb37d0cccc036d
SHA512

f552d8f52bc39bacb8a502a8a48839d8bd179e4ddc32d1fcd8ecbde90073203c1d691e7f912dd5414a02d07c7a1e8843a5ae387a2e2074eac855b13a4db90edc
SSDEEP

768:L4rQrWrxHKIiWGDmO/b4DwyFyUQS+wGlB6GiMuSvGtzCEgBqtpSVHNVZ8+Wd+csk:LzrYuDLT4DDsBFQMuSvV9BYSVHNVOEk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5d181cfb7197e456297041f2b177cfdd_JaffaCakes118
unpack001/out.upx

Files

5d181cfb7197e456297041f2b177cfdd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ