ad8d0e8a36d29ec98d11d50b6a52c376_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad8d0e8a36d29ec98d11d50b6a52c376_JaffaCakes118
Size

114KB
MD5

ad8d0e8a36d29ec98d11d50b6a52c376
SHA1

a2593f15518e77de123a1ee1641132cd7dcbf32c
SHA256

1b7a58ea8815bb36bf51ecc47bdd18b7cb568f6d82c79764be55f93e50d71f41
SHA512

3e20c5743d8e6dd14339c29db8d732160c764e5b60e9579a5c2bfd0bacaa2002897a2f3d6c40558db12ff4602277cc31409ee34463a8203bc64f8bd3ecbe3c35
SSDEEP

3072:6WDDtug7PVXOzvRm/KBbzYKpxzKcHzAhF:x1lbVOmSBbzYA+cTu

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack002/out.upx	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/upx.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/upx.exe
unpack002/out.upx

Files

ad8d0e8a36d29ec98d11d50b6a52c376_JaffaCakes118
.zip
Images/_dumb-ass.bmp
Images/_fbi.bmp
Images/_fucked.bmp
Images/_hacked.bmp
Images/_hacked2.bmp
Images/_hdkp.bmp
Images/_hello.bmp
Images/_netdevil.bmp
Images/_normal.bmp
Images/_stop.bmp
Images/_sup.bmp
ReadMe.txt
Warning.txt
icons.icl
upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ