654d6c9448b95a3a0f948210bc14cee8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

654d6c9448b95a3a0f948210bc14cee8_JaffaCakes118
Size

528KB
MD5

654d6c9448b95a3a0f948210bc14cee8
SHA1

6d8c83a8c6cc67403478a8360cf42305a7f0e1b1
SHA256

835ca1ee964e433a3f06a0fba49151faffdda9dcdb0254585ad4df9c8e33fe14
SHA512

c68c8d85950272abe2b8f160fda73ca667ae05e8c1d282b256e60799f9c89d532c37b8a097ad1a81dba3bf852f2540f55a918cf0309353a3483f0a5e8b65c2e7
SSDEEP

12288:fvm3G4uiHAfdVlIar3X+iv7kryvngXM3BIh5yT9gli7HvnLPbnWIINr:fvmqigFV9r3XrzfgX/soqL7I

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
654d6c9448b95a3a0f948210bc14cee8_JaffaCakes118
unpack001/out.upx

Files

654d6c9448b95a3a0f948210bc14cee8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ