89a74b5b1c79129e211df6d2c6a03aff_JaffaCakes118 | Triage

Sharing

General

Target

89a74b5b1c79129e211df6d2c6a03aff_JaffaCakes118
Size

1.3MB
MD5

89a74b5b1c79129e211df6d2c6a03aff
SHA1

4828193394c0494b7cd5fa729d5e121493dd7688
SHA256

e5c081e79cbae14ac6adf64387500ef9ac2bf87a1a6c04e3fac3961598c57f4b
SHA512

9cf1d78c7a415d8e15c585b6db63fc476755490cd8981b14e7be1481ee6772d464ad5b8de491fe07b43878dcec2c3d124512adad79dbbd82169bc59412447e44
SSDEEP

24576:HWMPhKi/GVx/WYrS/3XBSE3/GZaWCQ/50G0W4n8J0s81RMTAkbHhB9tdJSVp:2kKIGTWv/nJmaWCQ/5P0WM8JhQuAMD9o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
89a74b5b1c79129e211df6d2c6a03aff_JaffaCakes118
unpack001/out.upx

Files

89a74b5b1c79129e211df6d2c6a03aff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ