b864ac213f7cf4bb019f26b03c290333_JaffaCakes118 | Triage

Sharing

General

Target

b864ac213f7cf4bb019f26b03c290333_JaffaCakes118
Size

869KB
MD5

b864ac213f7cf4bb019f26b03c290333
SHA1

41f9e473480fb2d077d32151498af7d41f3ba09c
SHA256

84ec9ef8fd03f5978bab7de5d31cce3a0ee5c2d2041f9e02c3feeada37d2ee61
SHA512

0c570bfbff42cb1e31098e7f4e96d3b527aa32b247f4ea2786862c473110c1ff5d6c4bf16832c040f554d1f6eae8c08cbddda33042937d0a1a2043b7a44d5673
SSDEEP

24576:qGjfDP2ulMqoq/GkZPTvEL0Uimhei0worRptYw78j:qGTDPB4qpPTvEL0UkeovYj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b864ac213f7cf4bb019f26b03c290333_JaffaCakes118
unpack001/out.upx

Files

b864ac213f7cf4bb019f26b03c290333_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 868KB - Virtual size: 868KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE