81d8b3f895fd7608d0ed812a7d7445d4_JaffaCakes118 | Triage

Sharing

General

Target

81d8b3f895fd7608d0ed812a7d7445d4_JaffaCakes118
Size

206KB
MD5

81d8b3f895fd7608d0ed812a7d7445d4
SHA1

868b783d0600ef9f06e069e56c5186994ec604e1
SHA256

863997d362a585c037010d65f93ee109ede22f013a34f3ae54221683c52cd8e1
SHA512

ebcc6d7d23f62e867ac0adbd796c3889317ac01d3bf3823b4b2927e1ddc3d7f68ec0af7d6edf486007a4d9721fbafb526eb58138dc76b3145ed1b5eb10830bf7
SSDEEP

6144:wegAlx9hKitWgGmqx1rvE4NwvoMlqVHc:wbEtDa1rvE4N+rlqG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
81d8b3f895fd7608d0ed812a7d7445d4_JaffaCakes118
unpack001/out.upx

Files

81d8b3f895fd7608d0ed812a7d7445d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ