8c2bec5a122a536599b64c1747f5a4e5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c2bec5a122a536599b64c1747f5a4e5_JaffaCakes118
Size

22KB
MD5

8c2bec5a122a536599b64c1747f5a4e5
SHA1

f576629eb234a0a674b9a7243ad85c11166f1932
SHA256

b2f91584a3bd736e088994935d8ec99de44970c6f6f23d61c33c57b7c6d03e59
SHA512

58e56e26d985c80d655614a14943bb4247654c62cf19903fa8eef3d9787fe4631404d140bf6b956f6a7e6095ac1581a0658cc86cd0d94d187b1102551bc2ca09
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUqtKX+59:SCIqdH/k1ZVcT194jp4qtU+X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8c2bec5a122a536599b64c1747f5a4e5_JaffaCakes118
unpack001/out.upx

Files

8c2bec5a122a536599b64c1747f5a4e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ