66f9916fea39522d906b27b2c254c440_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66f9916fea39522d906b27b2c254c440_JaffaCakes118
Size

175KB
MD5

66f9916fea39522d906b27b2c254c440
SHA1

278486c116f7b96e03514a15e5b6b23f196c8089
SHA256

03e16ba536bb737678e5aead3307fa7a38344a7cad7a48b8f291081eb6e45356
SHA512

f4e69eaa165ce4bac29439d24f22ce40d37e4116994434c20a14070d3670863309b698cedba5f52cf5fe3c2a1c0d2a9f550305874e94de24af4f8981fc6bb7fe
SSDEEP

3072:MEjVHeXUTN4Ns1vJxrOL60AD85h3/Cz+ZYyXGdoyQdFKj3kCTN9SJC0ekTN:MEjVLTONWJxrOLw85Z/7lDUjNj70ewN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
66f9916fea39522d906b27b2c254c440_JaffaCakes118
unpack001/out.upx

Files

66f9916fea39522d906b27b2c254c440_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ