9768d338c3f558e01ba38a99c94b01d3_JaffaCakes118 | Triage

Sharing

General

Target

9768d338c3f558e01ba38a99c94b01d3_JaffaCakes118
Size

88KB
MD5

9768d338c3f558e01ba38a99c94b01d3
SHA1

f2b8040fb5c64dd42f902a0da7fde6698fe4d120
SHA256

0863a52b268f06042b4582f859c4cf53f81be2a1ac3f95206fe8cfc8a6f6f2e3
SHA512

c8c1ca56fc3ff0bfec796546da29f23520958c2613963faa61a6087349bd6720d8953f1e50a35e78b938003c7cdd0c63b59e525d960b92a47573073739c934ac
SSDEEP

1536:B6j2RRGj/s1/T8RpH7NzMDZ+Zs3vqICnFnkf6MRirjr20yMFusdB22fNmW:B6j2RRr/TIYDZasfXsnkf6CqPAMFRD2q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9768d338c3f558e01ba38a99c94b01d3_JaffaCakes118
unpack001/out.upx

Files

9768d338c3f558e01ba38a99c94b01d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE