838e959bdc38bd98b8b3c8dae2d98b98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

838e959bdc38bd98b8b3c8dae2d98b98_JaffaCakes118
Size

987KB
MD5

838e959bdc38bd98b8b3c8dae2d98b98
SHA1

c4fe6cba38f77be412cc4044549ae716b12d57ba
SHA256

254c22ab21d5ddbf7e8fc4290605799299a9c2efbcf715fd673c21af2f5ffcf4
SHA512

34181d00747d8e7d358055e92fe98b33d3d339e5da579dbea75bd162d46ee97a130bd506b6fb696322bbb8d605b6eec0068c2a2af4cfbb0c55a142c5a699b44d
SSDEEP

24576:Q4hxgqcXQhHUGMn5eQ0Z5a+WhbAPwq+9xU9JlEA:Qm+tXQBFMn5b0Z5ahhsP+9e9Jh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
838e959bdc38bd98b8b3c8dae2d98b98_JaffaCakes118
unpack001/out.upx

Files

838e959bdc38bd98b8b3c8dae2d98b98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 808KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 979KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ