9775719c20f8fc7d469ea54aee9b97d3_JaffaCakes118 | Triage

Sharing

General

Target

9775719c20f8fc7d469ea54aee9b97d3_JaffaCakes118
Size

48KB
MD5

9775719c20f8fc7d469ea54aee9b97d3
SHA1

e78d391470578777b2f654f1d4e5c53c4e522ed9
SHA256

66c4c600ba4cca6359f276759b9fd2ce82073e24242f85d06dd678e05218c3a2
SHA512

5abf561688a355e18fe181874bb3b5997f5ce9f7da8cc9deebe3a3edb30cdf750caf2c249dd85333eb63385dfa84af30c875ce2b85b10c4c570ae33bfdcf3002
SSDEEP

768:LWRnlOFZzOVeZb7LiWfR5+QTs0aMEwMfW4jW8/7k2yuK8fDpvuUNDQGF:cnlQ9l9XzBv9Ety8zk2Y8fDp7N5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9775719c20f8fc7d469ea54aee9b97d3_JaffaCakes118
unpack001/out.upx

Files

9775719c20f8fc7d469ea54aee9b97d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 704KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ