b0c1e6e69a87c31f0fbcbb5337125d6f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0c1e6e69a87c31f0fbcbb5337125d6f_JaffaCakes118
Size

155KB
MD5

b0c1e6e69a87c31f0fbcbb5337125d6f
SHA1

77d7c298e63dae46933aa4ac8e89b6e15f562259
SHA256

8994bd11e601e4cc1d751e8b8ab3fe7fb0ee655bc301cbd3eea198deaa1c86b5
SHA512

1148ad7b8c8e64573e9a04cb6b63cd1cfa69b2a6bf01fdee07805b167397e41aaac7dcc30a9377aa5cc9663af6ef9ec6be1fb1152c553172161dfe67a66577bc
SSDEEP

3072:5qi9Lf8bZ7xT2jASArVq7GAltI8+U91ny6CbZjn6UyqE1Q7+FsAdmB7YJ2j68XL9:8idf819T2jNAReGrWhy6SZjnJEIAIBGL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b0c1e6e69a87c31f0fbcbb5337125d6f_JaffaCakes118
unpack001/out.upx

Files

b0c1e6e69a87c31f0fbcbb5337125d6f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 153KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size: