872d56d0c642aa126cc5b015fe230b3a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

872d56d0c642aa126cc5b015fe230b3a_JaffaCakes118
Size

95KB
MD5

872d56d0c642aa126cc5b015fe230b3a
SHA1

e9b9824bfa5d1c1ca874f4e8a9dc2da7ee18ac0b
SHA256

9bd0b22ac45af3fcc83aa8f34c4507c644c7d485782ce056aa0a4c3a058f012a
SHA512

a98e2e217c338ab077a392986d8b944c1c0ef6d3f8b7e29b39c69ea128a5ee5ca468c2d80967386a12b7722192d827748c3e1df2eb619afa2ebd706923a8cc36
SSDEEP

1536:xeJH8GRXx3IURlA+iDylJtRenPdSEpJ4/JdH/K1xVW/xUiqJga/8x7dXkRBKo:xeJHB7lATUJLeVB2RdK1xVWpaAdUCo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
872d56d0c642aa126cc5b015fe230b3a_JaffaCakes118
unpack001/out.upx

Files

872d56d0c642aa126cc5b015fe230b3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ