8929fd614d01af4d880516fc2c80a209_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8929fd614d01af4d880516fc2c80a209_JaffaCakes118
Size

43KB
MD5

8929fd614d01af4d880516fc2c80a209
SHA1

dd8c178abf0163dcdc7e60a3b54ee801c1c4a7d3
SHA256

bd91488592400cf273fdc7be224d85d52c78e6ba91654fe56c288caa0fa61ab1
SHA512

eb7503e7daa9551f3e0a3cbbd5eab54c5bf72522e2cc273b07ea6c9e166e57d2195264211d6cd9eee47878149fb9e00ec53fb61a1dc591662496e00085c0d585
SSDEEP

768:SCIqdH/k1ZVcT194jp4qoFr92tqC3vQcs8Wcy8NoyNzC21P8oR:SNqaLV8a6qodk/vBWcyM1CGHR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8929fd614d01af4d880516fc2c80a209_JaffaCakes118
unpack001/out.upx

Files

8929fd614d01af4d880516fc2c80a209_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ