a11ba165e1c0b3f2c853df646f5efbfa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a11ba165e1c0b3f2c853df646f5efbfa_JaffaCakes118
Size

20KB
MD5

a11ba165e1c0b3f2c853df646f5efbfa
SHA1

764243718e5546fa84db79e6050215a835c9276f
SHA256

25312e2c9c7f7cb8458134a63da0f868b1121fcdd6b3d14c2f88dea5c6201625
SHA512

a9f2ac522029b27021c86134f191966389db9a27bf97f9fb5a024655d77af2bf52f449343688c4ab5a1c2ca7e248945df32ae5d8a085cd2d45bed300d34573c5
SSDEEP

384:Rm3xk/isp+zjX9IYmgm8p+pgSrNu6OUXpmjx+/MaCNvefLHY8UF0:43xbsp+3lmFrNGC90aC07Y8f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a11ba165e1c0b3f2c853df646f5efbfa_JaffaCakes118
unpack001/out.upx

Files

a11ba165e1c0b3f2c853df646f5efbfa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 249B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ