af267b0cb1c3619b2f60ca7bed262d1d_JaffaCakes118 | Triage

Sharing

General

Target

af267b0cb1c3619b2f60ca7bed262d1d_JaffaCakes118
Size

155KB
MD5

af267b0cb1c3619b2f60ca7bed262d1d
SHA1

806b7bfbfa29f9095ff9eeddaff6fea38954375c
SHA256

3162f3b87c27ac4e2abca87adb1b8f9a49e4c20dd1e80a7775b6e5cb7d8bebcd
SHA512

967f1ac939898ea790121f8acf46550a1062b8a99d6222ead287c778dd5cd38faf8d1e22facfcfbd336411b291082c3ecee5e16275fe79eadba83cf2c666aba3
SSDEEP

3072:m2huuTeu2Rz6fB2yCOZStEwcj3qX4JJ4z4Bmmz6QVgBG6zBBlI09QN7B9do:mN4B2YZStTM4kVO8SVBGue

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
af267b0cb1c3619b2f60ca7bed262d1d_JaffaCakes118
unpack001/out.upx

Files

af267b0cb1c3619b2f60ca7bed262d1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 179KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ