86e9a9318a1a1904a801ab30de5f24d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86e9a9318a1a1904a801ab30de5f24d2_JaffaCakes118
Size

398KB
MD5

86e9a9318a1a1904a801ab30de5f24d2
SHA1

b531a6a064b09c43970b807a12f3f0dfcda3e2e0
SHA256

19fd99ea7fe077fc3bedf13087cf820254f85d436a1c27c805d83468c594e58a
SHA512

7f38bf6e19ec5d0caf5c926cba480d05e474cf2591cbc7e2a6b4047c8c6c30968fb3ac805ea40616b70337f8ff0fe64280fcb8f13cfdd7915d645d86cb65b3d0
SSDEEP

6144:3zv6JpL/57SKnj+Fl3qJJ7/8JaTjQRH88aQk3ZcWZLY19mUdjFt+YyE:D8LB7Scc0Jr8J6X8TafRs9ndRtKE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
86e9a9318a1a1904a801ab30de5f24d2_JaffaCakes118
unpack001/out.upx

Files

86e9a9318a1a1904a801ab30de5f24d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 8.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ