8c675818208703cc3292d9c2e06820dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c675818208703cc3292d9c2e06820dd_JaffaCakes118
Size

138KB
MD5

8c675818208703cc3292d9c2e06820dd
SHA1

2b58cd99181a8f9b6794f67b6c81b5bdf9a87213
SHA256

de89923c2ae8ef2d8bcf9f14b107bdfa7a2d082b6d6a2f4429fef0a05f0c8747
SHA512

9b81473cde3d2d39f21252bd4b0d925d4ca99f027fdf939c4230eacd5cd5ce9432609c60ef87aef621f908a5dcf2031d0630438c2b1f9b44a4e7143ca9f0d927
SSDEEP

3072:Tua5tqki5ACswBi2R3Pit48wMBibcJAmhmCeY03GJFldbJlIq0DvZ5FKEuPE1xs7:TBtqkiWCswBijt4sBiYJAkmCeY034lz2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8c675818208703cc3292d9c2e06820dd_JaffaCakes118
unpack001/out.upx

Files

8c675818208703cc3292d9c2e06820dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ