ad20fa56c3fb4aa4b913aa22498a8175_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad20fa56c3fb4aa4b913aa22498a8175_JaffaCakes118
Size

90KB
MD5

ad20fa56c3fb4aa4b913aa22498a8175
SHA1

835dfa27f3017e7b2fb2c324e528f8044550978f
SHA256

1d266a6d66be1ca839f467f9718f69c6d78b4bf86f79d195aceb5b5e06fdb4bd
SHA512

9c1bba20a873eaeed0e64eb0789616a326f8f672c109b7ea94dab2d306ef266bfd76dd562d96f1ea22f7bbd7db03c2593d5d04321c7f4deb3f1eb42dcb30a3c0
SSDEEP

1536:SeWFx6xEClGXZtvCiHEDpIOHY+uOPctLlkk7MIIK35UtzCFUCioNH4R:SRx6xEC4DvCWqY+ALlkQMMgzCyCNH4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ad20fa56c3fb4aa4b913aa22498a8175_JaffaCakes118
unpack001/out.upx

Files

ad20fa56c3fb4aa4b913aa22498a8175_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ