621dfe1c5b3c2bb9ffb76913c289d228_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

621dfe1c5b3c2bb9ffb76913c289d228_JaffaCakes118
Size

20KB
MD5

621dfe1c5b3c2bb9ffb76913c289d228
SHA1

7528c4e0d666e899a446422b2db421ae697af96a
SHA256

030640b1288346f50dfcd3e73ee0a96132650b566aba8344523fd8a4e14ec746
SHA512

7fb98e4ee8e34c4dcd392d61a0f44da677185d9d2e601a80601d8f0bf98c639702e81bc4d7045e1332f3e5504b07e82af49c40e569d73066e2cb6a58f07e0137
SSDEEP

384:JVGnJri4HGEszxWWjzFwjHuRmOTHfYu4/M6YfLlKSWG3:XgOX8WjzFeOr4o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
621dfe1c5b3c2bb9ffb76913c289d228_JaffaCakes118
unpack001/out.upx

Files

621dfe1c5b3c2bb9ffb76913c289d228_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ