8cfd4c96e8d528b1a24e7f1b053c3266_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cfd4c96e8d528b1a24e7f1b053c3266_JaffaCakes118
Size

89KB
MD5

8cfd4c96e8d528b1a24e7f1b053c3266
SHA1

71e9564b08a565a44a298b16f54b428b6cfb25d4
SHA256

24714930d41fc80a9a9a1f3445a7bc5833b58b6615a4f68c4b0beb121eb5ee6c
SHA512

013cd26e2f9ddd7a96d4deaa8e445ac8b56ae4da2051570c45d7cf59177d31bbb2ae47d7038292287031e90aebc7c6142a6797e60174102ed580db042a5e1e0a
SSDEEP

1536:TJ77T3gLP1NwcrTanldfBUoLopGZZwdM40D+BWmJ/AMV+oaxo0c6YI3gwByhy04d:FnT3gLP1NwcrTal9LoItiBW6/AMvL6YW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8cfd4c96e8d528b1a24e7f1b053c3266_JaffaCakes118
unpack001/out.upx

Files

8cfd4c96e8d528b1a24e7f1b053c3266_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE