ab9173d9dc6554e9a6cec0a703e127fe_JaffaCakes118 | Triage

Sharing

General

Target

ab9173d9dc6554e9a6cec0a703e127fe_JaffaCakes118
Size

294KB
MD5

ab9173d9dc6554e9a6cec0a703e127fe
SHA1

28db7eae491c0fbd88cbfb08d909149a152253ca
SHA256

b47a27b408803d1b99884f66b93791f16d0a9184d8d5db7235e37c4e6348b78d
SHA512

f43d693e68440a59374150068e42599487f892be822c13739737a27f82fe2bdb56d4aaeaac4a215f4148a9ea653ac84e87571238d683bc27a1af92d308ebb0bd
SSDEEP

6144:/b4/8F+AUw21YwrTQIdzd5Vh2skDJV7QtRIvNals2TVp3tU:T4/8/2PrR3Vh2sIi+NaC2TVp3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ab9173d9dc6554e9a6cec0a703e127fe_JaffaCakes118
unpack001/out.upx

Files

ab9173d9dc6554e9a6cec0a703e127fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 556KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ