640f09a4e5e3f2fba7d2c336351257f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

640f09a4e5e3f2fba7d2c336351257f9_JaffaCakes118
Size

123KB
MD5

640f09a4e5e3f2fba7d2c336351257f9
SHA1

7752ef59c60f347e5f74a0ad7176fbd7311d4a5f
SHA256

e4fe2f8d7880e68b25dfa29cb3ba1e9ffa8f851ce5d7762b2565415ed81b0b20
SHA512

e4ee975ba4eba8e0f9db2e88ba8f84f12584b2b49245dae612a4039ed83bc94f83c013552e27b976a2e9c717eed13e61a01805defcc656297cf3aa19dd6ac9f2
SSDEEP

3072:ueSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLKY3Pl:uVYrJrOSsRwcpX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
640f09a4e5e3f2fba7d2c336351257f9_JaffaCakes118

Files

640f09a4e5e3f2fba7d2c336351257f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

42vab535
Size: 62B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oqvrztrg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ