a53783b65d0b4fd32ac15a843d60f59e_JaffaCakes118 | Triage

Sharing

General

Target

a53783b65d0b4fd32ac15a843d60f59e_JaffaCakes118
Size

56KB
MD5

a53783b65d0b4fd32ac15a843d60f59e
SHA1

7309bca570e7cde4b8bb2e6af242a8be828c9d40
SHA256

61540c88fd0d7a99e682c74bc3e9c799282b7a92470f568d57e5c3d88a98eb59
SHA512

063d2f3ad12bc0991a41797d528c2fa95ff0a703bd287a2a1fd8107775ee904417618035d0000fab4c14ec5702636960f34f97557ebbc2118849010d4b2dd5e1
SSDEEP

768:SLY+6eI+zpl6IfHznPxXqdN3X3vl6lgqkBIk80dqo6G0Fi4WD+0A7ZDqwxmGz5kT:KYwzPznPk3N6lgR7dqPG6WD+0AMGCIK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a53783b65d0b4fd32ac15a843d60f59e_JaffaCakes118
unpack001/out.upx

Files

a53783b65d0b4fd32ac15a843d60f59e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ