b6505e21588ec30e2319e6eda4c43ee3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6505e21588ec30e2319e6eda4c43ee3_JaffaCakes118
Size

43KB
MD5

b6505e21588ec30e2319e6eda4c43ee3
SHA1

cddf9aad6dce7e77300457ec968b2e10f8be971f
SHA256

3778a52e4e8cc450d268226d60b9497199d8f2a0a1611e1b0048b28350ee3589
SHA512

d221778239d0fac5995d5fed71c6781c9a8d30fbcf325a15d5b6c955aa0e8c104bf8e77686ce3ecaf0ecc2a2571d4e3c0219de01ee9e1b6cac9908cc5527682f
SSDEEP

384:IW4Vq90mTJ/LUq823ugbf8mqXLV8xvavNBVCjeSzub9a+CTm2b:B5N+gbXq6ELv++CTm2b

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b6505e21588ec30e2319e6eda4c43ee3_JaffaCakes118
unpack001/out.upx

Files

b6505e21588ec30e2319e6eda4c43ee3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ