85984a032dc890a6bcd6cc18c8f2e472_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85984a032dc890a6bcd6cc18c8f2e472_JaffaCakes118
Size

54KB
MD5

85984a032dc890a6bcd6cc18c8f2e472
SHA1

3e8149043534834f6ac1df54603daa9b03a4cc48
SHA256

d81cf8bea594b220d115a2a185afc82fd0eac77872414159a7336e835897c89e
SHA512

5658a09a4d39c801bdc76117fb57fa16cc12d72da5b56b97a1ed408c6a07716dc887ee036792fe03fd4b3dc6e19e2f2d5762e7a2ffde2f62061ad5e36d05e0ad
SSDEEP

1536:UuV7GXExIf81eYsYKyiiaoDjW0s5OBJyypgmDdVd:UuVKSIU1qYTPacjW09nyypP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
85984a032dc890a6bcd6cc18c8f2e472_JaffaCakes118
unpack001/out.upx

Files

85984a032dc890a6bcd6cc18c8f2e472_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ