70db8dc30e5c717f77c395f205920f6b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70db8dc30e5c717f77c395f205920f6b_JaffaCakes118
Size

82KB
MD5

70db8dc30e5c717f77c395f205920f6b
SHA1

9c4e068c2c073eb9e28eddcdaa39d26f7b6a2888
SHA256

15f06b9d9c7ac93f8f025fc5e0ac52f0114903c1c1a833a318f62b8cbfa3bde0
SHA512

5ee68519c747e3896c0df413e31e10136e78da884ff096acec4785af2207d264133e334c966277357f1decada6606cf97780e36bbbf5197f7a5df0db38ab0fc9
SSDEEP

1536:wag53bVnMGYzCmNdYUrJmegGDtcKOGHITX3urI8+34dhn:waK3bVnjuCCmuEegGxNoI+3C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
70db8dc30e5c717f77c395f205920f6b_JaffaCakes118
unpack001/out.upx

Files

70db8dc30e5c717f77c395f205920f6b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ