aeb21995fb43bb63b02b17378da39c7f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aeb21995fb43bb63b02b17378da39c7f_JaffaCakes118
Size

198KB
MD5

aeb21995fb43bb63b02b17378da39c7f
SHA1

d5e6aab58406e8f62ebcbabf3a788a52fe5a5a8d
SHA256

09354bd668a5bc18bf1ae4cfd532d4fb4bb4940ba21f1f0f1cf62c6973e3ecfd
SHA512

84551d96dafae54edffd555b3cb7ded1782291c8e9846e72a12ac5b276f287b8830c54dbc4846fcf89835a00f7553ba46d0cfe0bc12941c0961f41e10b23ef31
SSDEEP

3072:wYu/96uCMNE3YT7iYtHY7o34QVScT/idfHyWlTBOlJ0Pf4M88gdNSyo6mxt:wYMov3gW6H6OJljISWlIoPf4MSCdH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
aeb21995fb43bb63b02b17378da39c7f_JaffaCakes118
unpack001/out.upx

Files

aeb21995fb43bb63b02b17378da39c7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ