8a4ec9c6faac3c2a8c13e9130806e149_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a4ec9c6faac3c2a8c13e9130806e149_JaffaCakes118
Size

13KB
MD5

8a4ec9c6faac3c2a8c13e9130806e149
SHA1

a7f96f90d380fd1d243d5ca9372d22b022eb1236
SHA256

f837c7c11a3de2d75ae001b3e96def29e63636eb4e87cae379d83d190ea6c6d9
SHA512

f933a38eec872dbdcb82f7f4247b40a77bcb713c92da2db58fa90948e9d09f1b6a794efcdc267ccb1fe6423d6a43a6db4f9d0eefa58c572ac17f78a6da98707a
SSDEEP

192:zg3H6KuyrY3VvkLJDqTIOL1NGrWqyviL9TWIGyooMhN2Up8Ts7oXxYPgCmXjgEB5:c68wTImNGiLORWIG3428TdaoCWnBhNl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8a4ec9c6faac3c2a8c13e9130806e149_JaffaCakes118
unpack001/out.upx

Files

8a4ec9c6faac3c2a8c13e9130806e149_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ