783a2c884d2a47edbeb7b7694db42882_JaffaCakes118 | Triage

Sharing

General

Target

783a2c884d2a47edbeb7b7694db42882_JaffaCakes118
Size

87KB
MD5

783a2c884d2a47edbeb7b7694db42882
SHA1

06f8849355cf20ac42c77dfc2cbe0e4c8523b120
SHA256

29df23503f77f14352d44a07a375e17e11d861a140189fa96ebf8324e895efc4
SHA512

c928555d61d05365ff4df7f2f47cc572241090b4f7ca043b672242ed5e020b0948084c16484ada9e6ad939619718a77d582bdc2666a93774d6728862c74fd986
SSDEEP

1536:8logxrHk128l+RoEvchLbAMqzN569+2pNGNRkUQL2SH5bon5I+UFUF9T/cgyxRGB:iY12TWRLRcA9+WNGNRe5bo+lUFmgvl3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
783a2c884d2a47edbeb7b7694db42882_JaffaCakes118
unpack001/out.upx

Files

783a2c884d2a47edbeb7b7694db42882_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE