a9b7e1e8e47ba317cc3abceea8c1a54f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9b7e1e8e47ba317cc3abceea8c1a54f_JaffaCakes118
Size

95KB
MD5

a9b7e1e8e47ba317cc3abceea8c1a54f
SHA1

79861fe853e022254c32079324669758b3ea900a
SHA256

47b05d46903dcad657d1647607d24f7555407cd9eee25badccd2af7bfc8af957
SHA512

209acfa46e6a5fc5ce48eb1f07764f76167bf90bde946504b42072ba9b487b9f07a5d8034a193a3f857e0ee7bc62881b5ac83d82886a35fd7a5b6c486cdb069b
SSDEEP

1536:AeIGC8Ek8M+EI9TIvFM8TIvZ1yRS0oyvfQ7CJrcOLUPKhVfZq9/oyJfpAYT:nIn8Ek8M+EIxIv28AZ14o4tXZCDxp7T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a9b7e1e8e47ba317cc3abceea8c1a54f_JaffaCakes118
unpack001/out.upx

Files

a9b7e1e8e47ba317cc3abceea8c1a54f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ