618eb6caef36da879fd1463ab1a1036b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

618eb6caef36da879fd1463ab1a1036b_JaffaCakes118
Size

40KB
MD5

618eb6caef36da879fd1463ab1a1036b
SHA1

f46fa687b9e81c4d22fdd61d3708753fcde0b751
SHA256

bf9870ab8e62cdabaa0c14a903bea4d1ac661f6e06266f9be41d3d70c565ee06
SHA512

2f21d06549ea52dbf28060a55f5587cbf72742c7c528a860f997e8ce94b2f13f4bd81d31b9c26e0bea0ea8321dcb3141f9fc0d4b1661efb0e54ea79b7d70c0b1
SSDEEP

768:p4+nPzCVixF1oW7JIwQN/739z4oQ5udeq4fcpzmve4iWT:bPOV+n7JInNRy5udeq4Egjf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
618eb6caef36da879fd1463ab1a1036b_JaffaCakes118
unpack001/out.upx

Files

618eb6caef36da879fd1463ab1a1036b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ