94cd0609f4d52fbcd1d1b9bba945e1d8_JaffaCakes118 | Triage

Sharing

General

Target

94cd0609f4d52fbcd1d1b9bba945e1d8_JaffaCakes118
Size

486KB
MD5

94cd0609f4d52fbcd1d1b9bba945e1d8
SHA1

676b29e100744f446fbb4e667e214f67fb32d95b
SHA256

81a5b21a55bdcce4d9c1f63acce9cbb5f435bd53aae9a44daa1b48cd2a613bf5
SHA512

bf82920437e8e92cf3e23f47c3ad539441e97bcc1a00df496672a9036e263b42016c78ec6eb9f5443ca734c5305ae7debfedff33a9be6555600ff0bb1bc32c38
SSDEEP

12288:2EzesUvuEfWbNfpCz0MwfLXoZxRoRg1CpAr5oN:dzRZEWbNfpCz0VfcZzFgp+5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
94cd0609f4d52fbcd1d1b9bba945e1d8_JaffaCakes118
unpack001/out.upx

Files

94cd0609f4d52fbcd1d1b9bba945e1d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 964KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ