70afb54894fed3f3e3c5194e0cc4dc00_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70afb54894fed3f3e3c5194e0cc4dc00_JaffaCakes118
Size

14KB
MD5

70afb54894fed3f3e3c5194e0cc4dc00
SHA1

c435ba935b3475f344b48612a8dd6c477b76f83b
SHA256

6e6b15a27d026c77fdcad0ea3b36fb7b5c6fd959d2da427e49174f9e697aaa5f
SHA512

902c5d955069f55dfb5eeb73b3d64e9a25efa48ca0e781296d8553be328b8514b4fa5e83c1c3506dae233b1cfdd8f78613a8935c69b055752155c2e83f0fc032
SSDEEP

192:Yox8Oo/VoiancU9RTedU+ci3yWiJkprBpyKrEyncjWOKwbg5y7b2ec0:Yo8OoQOd5ci3yvOjRnPpy7b/c0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
70afb54894fed3f3e3c5194e0cc4dc00_JaffaCakes118
unpack001/out.upx

Files

70afb54894fed3f3e3c5194e0cc4dc00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ