6a437d0f42b7f6aa364194091757a595_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a437d0f42b7f6aa364194091757a595_JaffaCakes118
Size

71KB
MD5

6a437d0f42b7f6aa364194091757a595
SHA1

6584913014eae39054094257065ca84e88d93d34
SHA256

03a80dbd6a2cf3c3bc37c877da20af116502f73e21b8f0d7161a40a8ab3289e8
SHA512

a965829a84170a908d685c3e47da556e6540ba9d725eb3254ab5e848fb7ec53df16abcc84e3a3e1a08a832a58a72d93beec1ccd629aed7731875d68828a387ff
SSDEEP

1536:+kCRVCpVAQLwSZxTSm3UmcFkZUUI8Ix4S3aoN1mDvTyqLitXaMbndsgj:+keVCHBLwshEmu2I8IxTBqDmwiVDzj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6a437d0f42b7f6aa364194091757a595_JaffaCakes118
unpack001/out.upx

Files

6a437d0f42b7f6aa364194091757a595_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE