882e0afd53e6649587d920a6a439ad31_JaffaCakes118 | Triage

Sharing

General

Target

882e0afd53e6649587d920a6a439ad31_JaffaCakes118
Size

30KB
MD5

882e0afd53e6649587d920a6a439ad31
SHA1

88a4bb2cb2b4a7b7038b2a74e54b6c0d59436b02
SHA256

101d48199efde55d19f49a8925132e785238aed0a78284f62e9112e102ee154f
SHA512

bfe757140c54783a3f27f573123e30b9e95987d899e9a75f41deada4df3f672de89f0668482ef93218c1335f1aac666c39df8657a4f47ebaa0c5839c5b589293
SSDEEP

384:tSJVHMQR3W+q3QBgxXp4CvTS6/0iZR5nzHhxjjXyh2wdRXto8MkyyRfl/9In0ii+:tSTncnQKXp4CX/00vn/gTNBH2nqw6z0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
882e0afd53e6649587d920a6a439ad31_JaffaCakes118
unpack001/out.upx

Files

882e0afd53e6649587d920a6a439ad31_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ