b3877790e57b2a81b13ef9670f9011b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3877790e57b2a81b13ef9670f9011b1_JaffaCakes118
Size

7KB
MD5

b3877790e57b2a81b13ef9670f9011b1
SHA1

c1f97fcdd80fe39a3a78738fd737797aa6ec3428
SHA256

d61279e97a54cbb1e3670b04a5da0642611d873d8f76701d18c9e61d964fb091
SHA512

a153130d1454d88546543ca07ed97ec77e8f04b681f8b023c8644df15706c99f557215f52da31c7abe82012783c2cae3f17183cc545fece1b70636573010c2b4
SSDEEP

192:cCzmx3+MlcU8Z36yZ8fg/a5DN8LJ8P2woy:cemVjlchfu8u

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b3877790e57b2a81b13ef9670f9011b1_JaffaCakes118
unpack001/out.upx

Files

b3877790e57b2a81b13ef9670f9011b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE