961710f3924cdcf61d1c62941763b1bf_JaffaCakes118 | Triage

Sharing

General

Target

961710f3924cdcf61d1c62941763b1bf_JaffaCakes118
Size

179KB
MD5

961710f3924cdcf61d1c62941763b1bf
SHA1

1e4a67204a77ce90fc9c2ddddb6b6ad8a261b6e3
SHA256

d727ce01f19da70453538f154108dc1669debc905b67458ed820939e2ae73bc7
SHA512

64b4496e2fff325405629dab64115169454c873635c41e961979be9b50eddd75929467a8e14bee0b58c84983841b50a304c6ad66ea6d2ce05a46f927eb8b5a00
SSDEEP

3072:a0Y2PnXHMWIBUofVDJroEzQkDjvrSso93FwO/IAmDKqza0nAGqJtgKqE:9Y2UJqoJJLQkDjTSF3/7mWqzoJtgKq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
961710f3924cdcf61d1c62941763b1bf_JaffaCakes118
unpack001/out.upx

Files

961710f3924cdcf61d1c62941763b1bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ