bd14ce5b04b05cdcd326401a64820b50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd14ce5b04b05cdcd326401a64820b50_JaffaCakes118
Size

5KB
MD5

bd14ce5b04b05cdcd326401a64820b50
SHA1

a8c3d86ce516f227b89ea83359cab99df6e7ba68
SHA256

fdc8488efeb7c6e3f31dc0f4d3bad18c45984ed3846d573d71b267fa50563e6e
SHA512

5d2fbebd185d4a2cc7fada156a72387c48480dabe8265077554b8a10641499cd57b91b7834528e428f36490f953ff1fd322e8cd83207f21c4e851a0c7e336f6e
SSDEEP

48:KrFO1AqtLiwFIgvbNV/DqgPRMdJ/UFSeJY8JTarc9iGYd2gJgTNaslyd5o5HZ3rh:k0JceIgDNhqgPREtJG42gFCd5prfoi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bd14ce5b04b05cdcd326401a64820b50_JaffaCakes118
unpack001/out.upx

Files

bd14ce5b04b05cdcd326401a64820b50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ