67b77c2a02e397998423892fac3057f5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67b77c2a02e397998423892fac3057f5_JaffaCakes118
Size

15KB
MD5

67b77c2a02e397998423892fac3057f5
SHA1

d4fb892427be6e8bdc97046831d4287fba25bacd
SHA256

f246f1bf702342e7ae8393a4f829a6a6b6ca2ef7755280bbc9ec50e0ad51e2af
SHA512

67d374ed645036e0a47fcabfc39729b3439d01af4c3598feb65e09bc680431d8130a0cfcf4e1cfc1ad019121e521b89a0b0324425ca32f13c39deea8c7c7f6a0
SSDEEP

384:IQ1cU8qAflePV7x7hvUxbKi75q9H/AeXOON+:IQ5elwV9p+5q5/AQOON

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
67b77c2a02e397998423892fac3057f5_JaffaCakes118
unpack001/out.upx

Files

67b77c2a02e397998423892fac3057f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ