b3afa0b195eea071c6994d6fa59c5093_JaffaCakes118 | Triage

Sharing

General

Target

b3afa0b195eea071c6994d6fa59c5093_JaffaCakes118
Size

19KB
MD5

b3afa0b195eea071c6994d6fa59c5093
SHA1

34d5c12e4b20875940a751e7a56d742bd472e3e5
SHA256

27982acac831482f00d3ca492a6c4a0dd0b4a8e146081ded9c69a83ba396b8d1
SHA512

0744f57c0338c30137da78294ee892839b33ee98eb3eb4a831955555e759c36ba9f8a40a5fc4884f940bb6230b11a8986efebf5f7967d16340a6c11a617def1c
SSDEEP

384:xsDWp0cGxScU1J+ayR0FUaBLAP/AS0IksJnlZWl9sK0qR9kbNLA:xsqkSc2+/06gLoADI9JDWTjR9+pA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b3afa0b195eea071c6994d6fa59c5093_JaffaCakes118
unpack001/out.upx

Files

b3afa0b195eea071c6994d6fa59c5093_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ