67f1731bf2f7e132f78dbf324a0ecff7_JaffaCakes118 | Triage

Sharing

General

Target

67f1731bf2f7e132f78dbf324a0ecff7_JaffaCakes118
Size

87KB
MD5

67f1731bf2f7e132f78dbf324a0ecff7
SHA1

041ad4a37c4a7e367eb90f515666729191736fba
SHA256

b469347c9b5847c3cd72d63a26757bde327fb8b6da645c7ec6e57b15bf65c05e
SHA512

a6c693a8886375f176ddd8977f0bc490d2f7f43bd0c928620586111036473fc30dcab70a2f391917b824828a31f5aeac2f0045ccdc0064a52fc85bb9c956c2ad
SSDEEP

1536:fp+2+RiGAHVhOlOJq6zUlaH5OdQiSk7fLE2Q3yZI2+xYf+eaG+UpVsAu:fYfiGA16tGcLLE3CZI/YWeeUzsV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
67f1731bf2f7e132f78dbf324a0ecff7_JaffaCakes118
unpack001/out.upx

Files

67f1731bf2f7e132f78dbf324a0ecff7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE