689cc2e4902947bdbec95d3175b8c29a_JaffaCakes118 | Triage

Sharing

General

Target

689cc2e4902947bdbec95d3175b8c29a_JaffaCakes118
Size

431KB
MD5

689cc2e4902947bdbec95d3175b8c29a
SHA1

e12da11c7e7f2f920ed173054b0074cd37c43f4e
SHA256

23d18694052f5a57fe65f49a7f62b69d34bcae0a3e1c3564475b6ebdcc5a7ffa
SHA512

e764faf6aa4dc88fd7091eb19ac33672c669fe9b137800d2c26604bc3b0f6a99554a4849fedea18314de0da9429b922d9f21ef217adb7a1e80bb7fbc82182c72
SSDEEP

6144:qQq+1kD5lXGjgIkh4zOTgf3rCwGAn4qVErXOkn3TRekgMzCay6vz1jh1O6BafxFw:6++dlPIo+3rVEDOG17BNBsc4B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
689cc2e4902947bdbec95d3175b8c29a_JaffaCakes118
unpack001/out.upx

Files

689cc2e4902947bdbec95d3175b8c29a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ