5f598a67bed5d858df1ff2172cabc90d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f598a67bed5d858df1ff2172cabc90d_JaffaCakes118
Size

94KB
MD5

5f598a67bed5d858df1ff2172cabc90d
SHA1

9898c6e11ef8607e78105bdf423ce49e138f1045
SHA256

b2ce000033f5a4e7d0d5770281ee35391f54659c7ef6ab5de7ceee1f919cea11
SHA512

89ac3c6ad6187c1fc2180ec9aac8ea9bb70d78f3737a3a4b2e00d213637486c8b491e73c8acd0d79b7b6fc851608e145557f40712e177f381149a1094841c3b8
SSDEEP

1536:vKH11FMindNjSen0nokrq/h1JdEL0MOdv8kLfkjAclEToJsLaBMTUeDmhPKAl:vKV/MC2s0FY3JmL0FUkmTETHKnhh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5f598a67bed5d858df1ff2172cabc90d_JaffaCakes118
unpack001/out.upx

Files

5f598a67bed5d858df1ff2172cabc90d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ