a61a10bbd12467f82c763e3f68c50d9d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a61a10bbd12467f82c763e3f68c50d9d_JaffaCakes118
Size

168KB
MD5

a61a10bbd12467f82c763e3f68c50d9d
SHA1

634dc031378346b3bcfc741af5052d364b728d61
SHA256

e68691ea3e2a797acf72c8fc56284a3ba7cbef3ec5ae7171343be32fc0b813d1
SHA512

632d21c13164d0bec5484f2287e7b7c063c9f05e4cf859e98e4196029abe718d66dae7c3147ff918ed0f71ff31c9e6b4a89730d562bf16bc9c5499cfd99dd6dc
SSDEEP

3072:l1fF7kihC0KF3lKCN8QcLhAvnkBMdVc3aAselWrylskp3JYp1:7F7kihavoA/keT0a4grylJY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a61a10bbd12467f82c763e3f68c50d9d_JaffaCakes118
unpack001/out.upx

Files

a61a10bbd12467f82c763e3f68c50d9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ