b43e31a7ced2d8389b0a2697be51f4d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b43e31a7ced2d8389b0a2697be51f4d7_JaffaCakes118
Size

56KB
MD5

b43e31a7ced2d8389b0a2697be51f4d7
SHA1

348054a866bd959b55b7ab362062252bffc6759f
SHA256

c87b404618ca9b6a6dd3183dae6b8bf0918720f0d13bba5b29fe70d8cc5bf2c8
SHA512

319e8dc2af65a4e39383ad703d5f3d93d16584b2642e70237dd083a1817ee35568c2392f5183e6ad530f95a7486de621dc3046cfe89c67669d45e39e3585e9cf
SSDEEP

768:LtlkQEfMvlL5I9w2ZTX13gR+PRhGfRLCCuF4MSiyaxAV5VfO22deGLNxp:Lt36MvlevTF3gRDrEST3VXOhdjNX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b43e31a7ced2d8389b0a2697be51f4d7_JaffaCakes118
unpack001/out.upx

Files

b43e31a7ced2d8389b0a2697be51f4d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ