748a09d76d5ef5fe3d8e9780b118885f_JaffaCakes118 | Triage

Sharing

General

Target

748a09d76d5ef5fe3d8e9780b118885f_JaffaCakes118
Size

328KB
MD5

748a09d76d5ef5fe3d8e9780b118885f
SHA1

a1f382a941923941bd02c855a0b466df31f8ce4d
SHA256

23d75b0b40e21cd8ff0109737f6a1b895fb5e5aff2056efbcc660d66487bc3fb
SHA512

1ab5c34c85d7067e2a392db1e82624e59e447dbc6706f61afc0b24cd6339871ead8e00c754501ca3f351f16218525319a11b7840a9d9d0fb66dc5310c3c091ca
SSDEEP

6144:sHKtZ5bEwhKZuxrE0zUWe2K5OHzjWGN8LFhsr6nN3PGr:uMEzZE6sK5OvaxhsAf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
748a09d76d5ef5fe3d8e9780b118885f_JaffaCakes118
unpack001/out.upx

Files

748a09d76d5ef5fe3d8e9780b118885f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 323KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ