b147d4309bf6562de621347ce6da1fd6_JaffaCakes118 | Triage

Sharing

General

Target

b147d4309bf6562de621347ce6da1fd6_JaffaCakes118
Size

7KB
MD5

b147d4309bf6562de621347ce6da1fd6
SHA1

1298c1d1bafab3044024e43f5a6efd3ead3e942e
SHA256

dd24d29d56357387b0e90751ee4d334a3d6ba175236c130f5fd4e7b53bc546a3
SHA512

aa25a828f0b338b2b6316de824b2658e8574281bb2d11b37984cb87e876f70b758a4a0ad7c7f4d941eb6de8c3e8aee9d1f417659f0fc9737e627d37dc9675c59
SSDEEP

192:ttnwnYeNkiIM1I6cdGe0F6t6xb0gPrZ+HmCr:fwYgImgdGFOgALr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b147d4309bf6562de621347ce6da1fd6_JaffaCakes118
unpack001/out.upx

Files

b147d4309bf6562de621347ce6da1fd6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CrypT
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Dev.
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Dr.AdNaN
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ