6260db1c58c0eefa7e46bdef9a687fb6_JaffaCakes118 | Triage

Sharing

General

Target

6260db1c58c0eefa7e46bdef9a687fb6_JaffaCakes118
Size

31KB
MD5

6260db1c58c0eefa7e46bdef9a687fb6
SHA1

9b8f8c73593437a24ab44cd2680e93550d17b185
SHA256

4d7e497f93fbdb1259fa70c59bf8fd00df64cb7c0a610bbfb9f2cbfebe5d60ac
SHA512

a4c3257bee939167c636a52ad7d454fa44926c19090c7cfc34dc88ee9c5b7ee0dccd08d691230071ca9342bb042425080176059cf1c15419c44cb6934cfd1628
SSDEEP

768:rbQ2Bq9AQMYbMv4m/i/aFqmOsqdhPcuRMUR:rbzBYu/iCwmKhcuRb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6260db1c58c0eefa7e46bdef9a687fb6_JaffaCakes118

Files

6260db1c58c0eefa7e46bdef9a687fb6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

321c7e4c598867c76803ba9dec703494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
MapViewOfFile

Sections

.sdata
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 485B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

windows
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ