6a095edd4747d468416643b46fbf84c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a095edd4747d468416643b46fbf84c7_JaffaCakes118
Size

256KB
MD5

6a095edd4747d468416643b46fbf84c7
SHA1

93bbc807d9738fa59a5409a99147ed20cf4300a4
SHA256

663fc112373010603993c1b68f47a8c44cb5d15948bacdb9385f09304fcf0939
SHA512

91ddf4d4c11c900aa0ba74489fad21c78c481c6a550726b96820e6cbae066d28e36e9a43d7cbb339c5bd3181df56730297c9286f663344a73686f1571d8455bf
SSDEEP

3072:P4mXKT9kS1UmWHmLn4pHVL6gc3ypdKFACqCksRp9IILZ9U65264l4aAeHjw68Ywr:Qh9kS+HQiF4yfKFbjUnFPV22U2Zo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6a095edd4747d468416643b46fbf84c7_JaffaCakes118
unpack001/out.upx

Files

6a095edd4747d468416643b46fbf84c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ