a91b2c06eebc1a3ee568b3cabec9f51b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a91b2c06eebc1a3ee568b3cabec9f51b_JaffaCakes118
Size

91KB
MD5

a91b2c06eebc1a3ee568b3cabec9f51b
SHA1

59bc5ee5bfc731cf2c84d50d0ad3a7b91f23633b
SHA256

692844054c3177bbb02165cd443bff8920393896ae6135f9b6a09c5ef163f453
SHA512

43ae5fc13f9f17eb96aa4499d634e6b1cf888eefffb90bf3d5b70a667f2166ce4ab063fdff5493be2588da0b927b7e390733ee10db2436e9c10786e446c05577
SSDEEP

1536:TDd3F8DK7ZqHEn140bYoN73cwSSl4t6mbF3yEWZkpdufXCi6qJGfVpcM8i/b9VyM:7827R140M9wSkmbFUZSduqG4p9h/b9V/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a91b2c06eebc1a3ee568b3cabec9f51b_JaffaCakes118
unpack001/out.upx

Files

a91b2c06eebc1a3ee568b3cabec9f51b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE