8bee67d0a3b52c418721741f2316de4e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bee67d0a3b52c418721741f2316de4e_JaffaCakes118
Size

85KB
MD5

8bee67d0a3b52c418721741f2316de4e
SHA1

23e16a1fe3a689718bfaf70258a4e53c5734e528
SHA256

d676c99a95ab14f1a9da2ad693b21a976a5cb7a70d664c5cfda2e2857e61dfe5
SHA512

01fdff561ccad1e5d8f7f64e2a9be1c6e1f9c887f8d1d2eddbc9bbbf8adb8b24e98186b056b7601c99908cf52b160c07da3dce69965932c5553924eb41559a33
SSDEEP

1536:WQW/TlpdDobfcgTP4EV3kl+oYj2JEV6wd0jSr3c/lXJoXZ5HoxHSD1A8//:o7lp5G9VXbjb6TjSr3c0YJeA2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8bee67d0a3b52c418721741f2316de4e_JaffaCakes118
unpack001/out.upx

Files

8bee67d0a3b52c418721741f2316de4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE