5ea167b7fec3bc97a5551bd52428f4fe_JaffaCakes118 | Triage

Sharing

General

Target

5ea167b7fec3bc97a5551bd52428f4fe_JaffaCakes118
Size

33KB
MD5

5ea167b7fec3bc97a5551bd52428f4fe
SHA1

6ac42bac7eea80096611de823fd0afa2b82380f0
SHA256

427591c6c406664f5b396c1d32c9df37610e7910d01a28741fda966fce150cad
SHA512

bb928c752973a308829b2df58156f9a1ddd7c5359d2e3a9b132a77bea023c2d9bde7d1aa5a6fa22580e62b89f22daef68e557703f9bfd61bd05e0fdcf744e9db
SSDEEP

768:hoR26sTm5fMj91Fp0sclX+x2AYVLd1ruQG+7uqXs:CR+T+fg1I7lXQ7+Ld1rM+7uAs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5ea167b7fec3bc97a5551bd52428f4fe_JaffaCakes118
unpack001/out.upx

Files

5ea167b7fec3bc97a5551bd52428f4fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ