81d087baeadf635a6081c6b6055949b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81d087baeadf635a6081c6b6055949b0_JaffaCakes118
Size

7KB
MD5

81d087baeadf635a6081c6b6055949b0
SHA1

d7069fb4e45f432acdb259192c03d5010994d8fd
SHA256

714020dca36f40246c272d74ab3238226267f33f1b576f6b0d31cc66a49f2caf
SHA512

39176628c50597c0aaedfa2cb93736508782a42f9508a6873b74f9deb2aa5d5587a3b3729646bf653d0e3e998b6069ef088c5f198680209f4c1fed9e00bcd078
SSDEEP

48:6XDKFAUr0is4rgSZ4E9FYYuDripQ9szav2y+1XXS4gAlYOzJY1krXyRDkk5i+Fqf:eGuUuSPQfVYY11GCRd5lKZD328

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
81d087baeadf635a6081c6b6055949b0_JaffaCakes118
unpack001/out.upx

Files

81d087baeadf635a6081c6b6055949b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ