bb88e75579377a1696cd15c43715d351_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb88e75579377a1696cd15c43715d351_JaffaCakes118
Size

194KB
MD5

bb88e75579377a1696cd15c43715d351
SHA1

1f467c5d28717a6345c52037381f31ce44eb2cf2
SHA256

224ff3a2e498dd1c81fa80d77d47f15d342e9e5355aa09b8be709d2b001c9128
SHA512

1957cc1e63e5aa92d6626889724ca13945185225904646961a3002b9091b2415c6db91ff53058e9da108ac92f8a8b6118677fcefd7da06e6a447d0b915049dee
SSDEEP

3072:EHnopftzwfa3dtbhfJKcxgoHgbEkyDolbTwg+7DGb9LLGNkQtB:iCzBtbpgbJOwY7abFq/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bb88e75579377a1696cd15c43715d351_JaffaCakes118
unpack001/out.upx

Files

bb88e75579377a1696cd15c43715d351_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ