b0ca66f3e1aa9b50794513ad1ee1f4e0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0ca66f3e1aa9b50794513ad1ee1f4e0_JaffaCakes118
Size

92KB
MD5

b0ca66f3e1aa9b50794513ad1ee1f4e0
SHA1

84429b5150d42f2c9c7b788be0bf3d3a2493439e
SHA256

e3f3fe33a5fc5f10133649043de1203bab720746eb047723d781f3d06e5dcad1
SHA512

7293ca7c38cfb2b9e23b427ce89f469cf6c3ca14e316c253e5ea8d3eea6dcf5baf69b9626ac1c234d5f35242d8fddb54f3574721151fedff61e932e59cc16c74
SSDEEP

1536:k3gLUEHWXtllWsZm5TJmOf8d9qcQXichnq/iu4RFUbbruU/8zgo:vNGUsI5TJmIrq/K2B/Sg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b0ca66f3e1aa9b50794513ad1ee1f4e0_JaffaCakes118
unpack001/out.upx

Files

b0ca66f3e1aa9b50794513ad1ee1f4e0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ