8a46c0f59b70a323038a3dda86935007_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a46c0f59b70a323038a3dda86935007_JaffaCakes118
Size

718KB
MD5

8a46c0f59b70a323038a3dda86935007
SHA1

00fa37beb05995745b69f3d8e276f7877c3174fc
SHA256

c1911e1f1fcf5aac3f806533352005b8b77a78a42cd4b1c6534db3a809da1fc7
SHA512

ece96f1cd0da7770385f3a0d25735068009545ea737aa64793e61e263c78bbba65404fe6bed21ae082af367175100895d666b441a78e1de4ddc503bcd286b6dc
SSDEEP

12288:tOugSrXh5PVnWU8OnGRAWC2bC2AYpTPf9YBCaoDz/u+juHIQ:tvgShhVW7xYwSIVn9zAIQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/EMTOWP.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EMTOWP.EXE
unpack002/out.upx

Files

8a46c0f59b70a323038a3dda86935007_JaffaCakes118
.zip
EMTOWP.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 676KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 756KB - Virtual size: 914KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ