70f1bd35fe34c80cc7b881f17becb912_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70f1bd35fe34c80cc7b881f17becb912_JaffaCakes118
Size

157KB
MD5

70f1bd35fe34c80cc7b881f17becb912
SHA1

8197673c3c16d766848ca1bc3d82bd2e160a7892
SHA256

09a4d2e641595b6f824ec35fbc7f410f418f3ea5ef05908100fb9ad9bfdb4b46
SHA512

c07baab8bfa73b54ceacd587a3c6693c23ea53f669b4dfbc9993cb619e29b7fe284e7ac12affc4f6f6d8042333b8002efb3de846ff8a94a0c9ffd7679714ce72
SSDEEP

3072:DO7JQv4W4TFh3pKxSXujo20tC78nzHuThBMf9yQamAV26xUwb9GIWdpltf:DEQAW4TFZWScoCioyf9SPAqAdplp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
70f1bd35fe34c80cc7b881f17becb912_JaffaCakes118
unpack001/out.upx

Files

70f1bd35fe34c80cc7b881f17becb912_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ