7786a74bdc3139eeacf4af17cb13fc30_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7786a74bdc3139eeacf4af17cb13fc30_JaffaCakes118
Size

88KB
MD5

7786a74bdc3139eeacf4af17cb13fc30
SHA1

b54e546acc9ee06328f813babf3e8ffed89e0824
SHA256

b0be319dc6b06bcc10112c5f0ea457d84acb1327e54f5cfacfda276fd9a9569f
SHA512

e18b3df98c0b114568fd9e2c4c96cc56df2195f87c317bb2a40865cb43515b7106fadf7b53db8673d0807473694e766eace4cf67b4a367b7bf95616b87883e94
SSDEEP

1536:Uxvh3FWaUEFUr/qqo7birAoU9xnl4zbSpXEUaO3u/MSEfIRgT28L++h3zFE2J:YcaO/87bUs5lebMaO3uO2m+43zR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7786a74bdc3139eeacf4af17cb13fc30_JaffaCakes118
unpack001/out.upx

Files

7786a74bdc3139eeacf4af17cb13fc30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE