832bf1ba2340515b0881b00b40a7f06d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

832bf1ba2340515b0881b00b40a7f06d_JaffaCakes118
Size

84KB
MD5

832bf1ba2340515b0881b00b40a7f06d
SHA1

ddac07cb82bc46a5d6c55263e065cf59386b72a0
SHA256

7c85f07d8d30f2beb91c396f8e1de472e6beee3bc96fc2404947fa05ef0ccf4c
SHA512

2ffab59ee93d27f8f3b52c33a3536898e910892021ec690ed76ff5c4383660f04b2e2ed9a74bf32696c10a93929cce8232caa4107cd060d6e75caca2911a9fb7
SSDEEP

768:1Ed40x6tPR/toXuxiG1BZk1EWWWQhBNm4PAPTGy9xwkJiX+04jVpWIpHhESXou/U:YNxMtokVzX+04jhESbjRa3jq8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
832bf1ba2340515b0881b00b40a7f06d_JaffaCakes118
unpack001/out.upx

Files

832bf1ba2340515b0881b00b40a7f06d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ