71b136651a1daf8ce6fec64f3dbe0f45_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71b136651a1daf8ce6fec64f3dbe0f45_JaffaCakes118
Size

74KB
MD5

71b136651a1daf8ce6fec64f3dbe0f45
SHA1

df522ebd6c15e86f38b419f670e23312be3c71e9
SHA256

bccd88b4acde9b2d1a2ff23c3d7e1a4fdb3caac1de55442ab61ade485c992d26
SHA512

a54b5eecf85eb4822a1b5b43aaa9a912143dbec6e3798c919a1bf40d5b18db9617c6fb1fcc2e266ac5dceda6def1f8d3735a308c042efa10d29206864c9d97a0
SSDEEP

1536:I1b/6JdpNSB1L9WbwfsK3z+4C+iNStghe72A7Yy7Oi3/P5q1gu+dSw:I1bXvEKscnIryn7Oi3HB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
71b136651a1daf8ce6fec64f3dbe0f45_JaffaCakes118
unpack001/out.upx

Files

71b136651a1daf8ce6fec64f3dbe0f45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 12.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ