a9a2fbe556aa58975d3d83b065ecc398_JaffaCakes118 | Triage

Sharing

General

Target

a9a2fbe556aa58975d3d83b065ecc398_JaffaCakes118
Size

90KB
MD5

a9a2fbe556aa58975d3d83b065ecc398
SHA1

4ed88d0e4cf3cbf0e18b68440dc7ac686955af26
SHA256

ec3252f94f3cb45fab801ab12562f3f43b675d8435ab65299d20997f1a96c503
SHA512

476f20ddeac6f3cb9ed1ed01876fe21ddb0ca4b650b4993f989b81f29bd2f2dbc5e440feed04791f1709a6aabe138f4cfc7a67c13fd688aba956cb41698d476a
SSDEEP

1536:BjzeIYuAAl5+KPg+0UO65zxJiTLYr7feKstseUBqta9GLr+k/8xID:BjCIPAAl5+KPaUO65zxJinDUBqt7h/gI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a9a2fbe556aa58975d3d83b065ecc398_JaffaCakes118
unpack001/out.upx

Files

a9a2fbe556aa58975d3d83b065ecc398_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ