abbd49e15cc8dcc5a1aedfc47fa013ed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abbd49e15cc8dcc5a1aedfc47fa013ed_JaffaCakes118
Size

14KB
MD5

abbd49e15cc8dcc5a1aedfc47fa013ed
SHA1

a0997db3e9e98f3fc12b4e65e86a9038b6d52a68
SHA256

bdc6c83c61da44437f61c2b4e0a3f3fe1e63b42feb71703be98c659d8e989ae9
SHA512

1ba95ef48110e0d6f519c8dea82b4ab5289432b902431e7e029132bcdae464ef023c49a5fb867e406bc2cafb29d47f0a5c010477dfe5b08e0cbdb7c50006bbb9
SSDEEP

384:sQMtki1VCQtL8DAFeTr4+s2htKSGBwDyD:Uki/CQG4Cr/hzGB8y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
abbd49e15cc8dcc5a1aedfc47fa013ed_JaffaCakes118
unpack001/out.upx

Files

abbd49e15cc8dcc5a1aedfc47fa013ed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ