8da432ff5453e5ac06e36c18a130d972_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8da432ff5453e5ac06e36c18a130d972_JaffaCakes118
Size

780KB
MD5

8da432ff5453e5ac06e36c18a130d972
SHA1

9ccaec846cee468e146b6fd46cd5cd1736b0196a
SHA256

dfe4065dce081a13a932739780e032c491c31c71b8b9f0590af82197cecfdb3f
SHA512

dc54dcb063d6024907d209fc667cae81c0ecff1f4b1078896dd71c6b49e41be89bf32415273f41d1355c2b69e591e0c2e7f4d338a73486c66bd734bfc2ddffe0
SSDEEP

12288:iwFEgKNNfQCtWeY8yWR3P3EGLxe0Djyoelz8jqMNjHL4kPuqAeeihZP:FEgIW2R3P3Lx7DjqAjqMFUk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8da432ff5453e5ac06e36c18a130d972_JaffaCakes118

Files

8da432ff5453e5ac06e36c18a130d972_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 728KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 910B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE