b1c0dc6a57d2e8d98f66293daa16c5eb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1c0dc6a57d2e8d98f66293daa16c5eb_JaffaCakes118
Size

1.2MB
MD5

b1c0dc6a57d2e8d98f66293daa16c5eb
SHA1

8ea84d2c184318d1917401872c57979e285412d7
SHA256

46d1e53380c0e4de288a7d70c29e669b000944a9ebc1754bd8af8d46c75d9d87
SHA512

0d55fdc4fd55ffa45f48c15476f8d180f3fc775c540e44b96ee29ad906302852e52f1f506640bbe1a700b72567216d499a7dd65d71651a5d987de5bf44c9f87b
SSDEEP

24576:7zB0Ik6rTU0xwFAInyLMl0Inp9P1OpyuNGD3OtFnd/JXq0QDi0t:RpTUywiInyLMio9P1OpyUy+9/laDx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b1c0dc6a57d2e8d98f66293daa16c5eb_JaffaCakes118
unpack001/out.upx

Files

b1c0dc6a57d2e8d98f66293daa16c5eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 943KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ