8cc199b4a54af81dae524d1e435bd40f_JaffaCakes118 | Triage

Sharing

General

Target

8cc199b4a54af81dae524d1e435bd40f_JaffaCakes118
Size

127KB
MD5

8cc199b4a54af81dae524d1e435bd40f
SHA1

49273e8b492ae903e7fbc7b75b44c1efbe588af5
SHA256

920aa69edc248741f706b475761731963a84adcdb8bfaf894da213567a13c5ff
SHA512

4b91812b909977d06cc1ae36a7e14007b6fa17ee73f6fb464025f049ed817984c4b8464645b3b75b93afda5ad7f7c5e73bc1c5fcdf276084191dc5d0658a41eb
SSDEEP

1536:12ldVq/ThQf7oYHs+xaqO8QKl3URKJm7ZGviyrga767nktZwm+oIW/SHN8:12NSmZ/xaqO8F3yKaYPM7ktZwzoIW/z

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/out.upx	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8cc199b4a54af81dae524d1e435bd40f_JaffaCakes118
unpack001/out.upx

Files

8cc199b4a54af81dae524d1e435bd40f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ