a81ed921e77349cb7163492c1c191898_JaffaCakes118 | Triage

Sharing

General

Target

a81ed921e77349cb7163492c1c191898_JaffaCakes118
Size

87KB
MD5

a81ed921e77349cb7163492c1c191898
SHA1

01fda9c500caa95141a9278cb9db1dc815145ecb
SHA256

b90f2f8593e19c8800ae83ddf5f0ec19e29c542a28f87eb5c8d20f525d3be047
SHA512

b260caa2e9742c8914e3fcc19682a9543f700207f49ef61af821c271c59ed030f7782094b48e6da8d9c1be5f335f8a760be057e765046907e0a04480fd0ce012
SSDEEP

1536:fp+2+RiGAHVhOlOJq6zUlaH5OdQiSk7fLE2Q3yZI2+xYf+eaG+UpVsAL:fYfiGA16tGcLLE3CZI/YWeeUzsg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a81ed921e77349cb7163492c1c191898_JaffaCakes118
unpack001/out.upx

Files

a81ed921e77349cb7163492c1c191898_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE