855471667af6698cb929a15280ed527a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

855471667af6698cb929a15280ed527a_JaffaCakes118
Size

29KB
MD5

855471667af6698cb929a15280ed527a
SHA1

0625449f1205779144b224be58c720f037c7d6bd
SHA256

ec2a670959703ac6ef813e518bb5203402b699344d8fe1f9b1028d64203f8f61
SHA512

d9ed31472664b5deb04c3f4ac53bc0432987af9b3e4631b886bfe13eccc272ba252ae3db099a632e4d06d814ca9a963fb0510f9d00c091fb70c8234d466350b8
SSDEEP

384:he5izNGVspGL+7qBC+wtRYs5HZ8lrhIgSf4bMUG8b5LwxoiQRZ9d2DJZL4m1PIG:hwiMVs4LB5sZZ8XXbR3iQXv2/Ev

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
855471667af6698cb929a15280ed527a_JaffaCakes118
unpack001/out.upx

Files

855471667af6698cb929a15280ed527a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ