af9685ecc63b355cc287658b18a1b765_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af9685ecc63b355cc287658b18a1b765_JaffaCakes118
Size

22KB
MD5

af9685ecc63b355cc287658b18a1b765
SHA1

2f6d1ff27219fc225292fdb5a0f6e031c5b95a2f
SHA256

b3a904409e258571e9460688590badc9a16f44d21185807096d55d4987f176d1
SHA512

be0c54a9f0d93ee67464f74bd3eb6320f3be373bca96ab8515ddb469a6ba72f0ce756c36107a5b5af74ba1eed64b9700b99603f242c3eb4986f7c2b82adbf641
SSDEEP

384:Ry/wQCUWTU385mP/TC/FSxRctVTn1827J94Ku/CT:Ry4jZV5+msGbn6Gr4fK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
af9685ecc63b355cc287658b18a1b765_JaffaCakes118
unpack001/out.upx

Files

af9685ecc63b355cc287658b18a1b765_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ