6ac8e75543fbfa47d05524a5fdab2072_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ac8e75543fbfa47d05524a5fdab2072_JaffaCakes118
Size

114KB
MD5

6ac8e75543fbfa47d05524a5fdab2072
SHA1

81a82ded9aae55d65c4a02fc89d42290cd717ae8
SHA256

e59e8731d6cba959b6cef86c0709b8bf579b1a3561636ef109d36dad77c883c0
SHA512

9db92eb2a4823809a2647f898f6e98f4e406bba750fba58f70d3dde1254290134989b9a92c45883170ba66351af18159e7826dc0288737af1c1d287cb5dc3b43
SSDEEP

3072:6Pc8QwWp8wzuE41M5WdmmV4hP+Mkabuu:6sp8BE4GTmV4h+Mka

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6ac8e75543fbfa47d05524a5fdab2072_JaffaCakes118
unpack001/out.upx

Files

6ac8e75543fbfa47d05524a5fdab2072_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ