8bf9f7c2a6eb35bcda864d9eabb93c70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bf9f7c2a6eb35bcda864d9eabb93c70_JaffaCakes118
Size

10KB
MD5

8bf9f7c2a6eb35bcda864d9eabb93c70
SHA1

637fdd5abe1e8ec50cb86d0a90c82cf6a2fbbbf8
SHA256

294a03e278e00e2026b12905ddace43e7811dbade6b5c92c466553bf0e7f537c
SHA512

010552499f809a10c1467ca9e4b1c400529993ec402160e8a1a8ef2a1cab71b919bfa1d0ba7f3a9e6932cfa9586394a5d5c40b38b9731fb243e714537290d7bf
SSDEEP

192:gDDs/PymtkVLmb7PJyPYJXOEReuk5wubEA65MHkUNI2JU7c4s7:gL5mHPJhOUM65MxN87c4E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Album-Dick.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Album-Dick.exe
unpack002/out.upx

Files

8bf9f7c2a6eb35bcda864d9eabb93c70_JaffaCakes118
.zip
Album-Dick.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ