b4a6c0980fc9895efa15f750aefd54cf_JaffaCakes118

General

Target

b4a6c0980fc9895efa15f750aefd54cf_JaffaCakes118
Size

219KB
MD5

b4a6c0980fc9895efa15f750aefd54cf
SHA1

4a1e0c33aca5c6834d83f2f1373166a1ceed0a65
SHA256

8244fecfb58ca7c8a2f82d62a502d7ca9ea3b73d4e84f1aa19b03bf7d5b54e0a
SHA512

b1e4319f173b5d57ac4afc3e03575afd01e9b574f3ea78941c4c31114a0163b72d856b7e498cbb8f24eb4bb72bc8c397504c8967bc4f547e1288e2c88fa57842
SSDEEP

6144:sBewSJu4alkFlDtnyukxmK29C0TRg8So80:8V45a6FlwukxP2zWe8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

b4a6c0980fc9895efa15f750aefd54cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31
Certificate

Issuer

CN=ALWIL Software

Not Before

08/02/2011, 22:24

Not After

31/12/2039, 23:59

Subject

CN=ALWIL Software

3e:00:ae:29:ca:c4:51:fb:99:e7:36:f5:ae:b5:87:b5:13:8f:bf:c4
Signer

Actual PE Digest

3e:00:ae:29:ca:c4:51:fb:99:e7:36:f5:ae:b5:87:b5:13:8f:bf:c4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31Certificate

3e:00:ae:29:ca:c4:51:fb:99:e7:36:f5:ae:b5:87:b5:13:8f:bf:c4Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 280KB

UPX1 Size: 213KB - Virtual size: 216KB

.rsrc Size: 4KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.text Size: 162KB - Virtual size: 396KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 74KB - Virtual size: 76KB

.rsrc Size: 4KB - Virtual size: 4KB

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31
Certificate

3e:00:ae:29:ca:c4:51:fb:99:e7:36:f5:ae:b5:87:b5:13:8f:bf:c4
Signer

UPX0
Size: - Virtual size: 280KB

UPX1
Size: 213KB - Virtual size: 216KB

.rsrc
Size: 4KB - Virtual size: 72KB

.text
Size: 162KB - Virtual size: 396KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 74KB - Virtual size: 76KB

.rsrc
Size: 4KB - Virtual size: 4KB