695c3fae159c82f3315ebe2760a1de27_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

695c3fae159c82f3315ebe2760a1de27_JaffaCakes118
Size

21KB
MD5

695c3fae159c82f3315ebe2760a1de27
SHA1

c20e9216e10b410d7649bd607e7d622d61ea9310
SHA256

d823fabcc260c1e4b8c78231c76c3e02dfb6c6f5b11e04be8517f67261ed66d4
SHA512

0ebbb3071d6db67199c0dffe05364d08e3ffb20e77c83c146c7c468a0ab0d1b469c545a1f733ed90b4d0d957094d2e93707d4a92099d82cac39c8f4606b5db4a
SSDEEP

384:52OxE8EmUb+R/a4CtydWqAxzzb65vFolQWRYoir:MmCuR/arEWZxzqJFojR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
695c3fae159c82f3315ebe2760a1de27_JaffaCakes118
unpack001/out.upx

Files

695c3fae159c82f3315ebe2760a1de27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE