946e66c23925332c7bb6bcbad886ad2c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

946e66c23925332c7bb6bcbad886ad2c_JaffaCakes118
Size

153KB
MD5

946e66c23925332c7bb6bcbad886ad2c
SHA1

c6fda1044f878b77fa4daa02e3b1e93dbb61f288
SHA256

ec1ec719e2e913cd9d1d9ee06180494f7d2b80db8c9c083cf3c58bb7cbaa1f0b
SHA512

5cdd8e2feb28669a6cfc5717e3e7d6c95dcf85e2260c312da63d8da251e69750da8f7398f76196a54ec1abae1b984137700b39a00f7af9dd6173efbf02a77724
SSDEEP

3072:kXh9A3Ej1Zu/Msr+3x64GOyC3ZbeMqn3FK4O/ytHl3qR761w8:kXl9B6LlEaJU4O/ytHl3ME

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
946e66c23925332c7bb6bcbad886ad2c_JaffaCakes118
unpack001/out.upx

Files

946e66c23925332c7bb6bcbad886ad2c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 476KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ