8a5d8e3ea7210b7f9e20425e05adccff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a5d8e3ea7210b7f9e20425e05adccff_JaffaCakes118
Size

10KB
MD5

8a5d8e3ea7210b7f9e20425e05adccff
SHA1

8c944fb6e51f799c42c079fb844ba651c7dad069
SHA256

ae1f6fda9797959ef4b7964209ac9513a7e6ff2330e8e9ae9c5b3fffc81b22bc
SHA512

bf0225d90c7f9c64be934dddcca8038530df0940f9ec4a8223585bfdf9131282de5449bb658b366b5c5ac1e84c7839a0754cab382d3b9480d86cde07d1c1fda7
SSDEEP

192:mNERVkNGmRY67rP2P61kEb3quAaekMBDbXwGw3qxrGP58xL:mslFVEb33Ti7wP37OxL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8a5d8e3ea7210b7f9e20425e05adccff_JaffaCakes118
unpack001/out.upx

Files

8a5d8e3ea7210b7f9e20425e05adccff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ