86c8af9783bf328ec7dff73a0ce47ffb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86c8af9783bf328ec7dff73a0ce47ffb_JaffaCakes118
Size

70KB
MD5

86c8af9783bf328ec7dff73a0ce47ffb
SHA1

aa5e8a8bd912219613d2c2ed7a992e3ec3878711
SHA256

dc9f6ddbe966fc3596db60f6ce21c724f29d9255e22eab4ee2eed8ddcc3b2b9d
SHA512

d6ebcc330a3e112e04ce944654fe88221fddb06814b184d91b6ce47f76348f344809446e4abf9e77e323e92ed29ab910d728abc30b81a8d03c17c465aba955b2
SSDEEP

1536:c7LkZZMeHZyCObO7jKv3oX9y0gx5fD0NqimkD0ranisXrD:ykZZMeEDbOWv3oNy0Y16Bm40raisXr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
86c8af9783bf328ec7dff73a0ce47ffb_JaffaCakes118
unpack001/out.upx

Files

86c8af9783bf328ec7dff73a0ce47ffb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ