bc16b60f5e766743d9169350bb8d3834_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc16b60f5e766743d9169350bb8d3834_JaffaCakes118
Size

15KB
MD5

bc16b60f5e766743d9169350bb8d3834
SHA1

ef84bcfaa4f23e2234b9b7171317aa3d72622b50
SHA256

0f1bfd7f76e20dfe186f96353ec4dd3431e2f721ad1632bcec2443d3a5b117d2
SHA512

58f636a51fa5f3309ea9e4f85b23759d8ab160d3eaf9b705dcb60adf8ef0bd650905ba3d2c12a6b87e38790f5eccb0bea24b678320dc0a3c85973cc9670f375b
SSDEEP

384:T0Xs6zoFt+g45Mk9gVEjUou1mFj5DL+Dn3pyjpTJQc7Tee:bFt+gP2gVwU2Fj5f+jUjd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bc16b60f5e766743d9169350bb8d3834_JaffaCakes118
unpack001/out.upx

Files

bc16b60f5e766743d9169350bb8d3834_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE