a9c1b839e9cc82af12feaf9c2f54527c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9c1b839e9cc82af12feaf9c2f54527c_JaffaCakes118
Size

67KB
MD5

a9c1b839e9cc82af12feaf9c2f54527c
SHA1

7989c80102f935b580b4abf465efe2d86d3c037c
SHA256

f6975fa2d1b1fe1d2362673d6debff9bd14d97aa08d206e9ea9de7b351bb5677
SHA512

100f9b718888d5e82da2f36d2106c1082469ed9276bba6af519d561013e2673fec9f3a879cb011a58f5ab5afc1884d1e026a69a3ff151a47b2d283a1a3692be3
SSDEEP

1536:QdDGiy/S4MAGLhXJbvzjcazbE4BEh7yWv9EdMW/jQAjK0kZriLEmoxPtV/:QdDQs7Te4sp9k/jb36riLEmox1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a9c1b839e9cc82af12feaf9c2f54527c_JaffaCakes118
unpack001/out.upx

Files

a9c1b839e9cc82af12feaf9c2f54527c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE