aa5151c7e524a63c55c83ae20f3b9892_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa5151c7e524a63c55c83ae20f3b9892_JaffaCakes118
Size

283KB
MD5

aa5151c7e524a63c55c83ae20f3b9892
SHA1

9ae771724a89e1d58b893f1b1a45d379185b915c
SHA256

1bddcfe53f60898d4ada5f119882f4eace1c39aae824000c39906c8d0f840c8a
SHA512

25e8d44648b36f45c54c693805485b462e250f15aedde5ec828e57e814608f353886f2a7742bf36cc4f5f034a4e2f7f8f8e90863b2b9c6cfa69c1ea26b505406
SSDEEP

6144:SwbOw01JGS3o/6jPvXmq7kRPuDlwk0v+hgCMeKc2XMm/L5paHqSW:SKOwuGiy6bTkRWDlR0GhfMFcBmT5sz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
aa5151c7e524a63c55c83ae20f3b9892_JaffaCakes118
unpack001/out.upx

Files

aa5151c7e524a63c55c83ae20f3b9892_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 277KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ