bf846583bcf1c51eda2289fda0d86f54_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf846583bcf1c51eda2289fda0d86f54_JaffaCakes118
Size

205KB
MD5

bf846583bcf1c51eda2289fda0d86f54
SHA1

42a5697f32c818e1453f3fd1308d18a7b630dbaa
SHA256

393c584a656c38e6a4e20ce24aa35cde219e6670bf1d4fd31f362098d700dd40
SHA512

c3a9387d57215f85f78d4cc3a18cba2b6557a78d57a356cbcce6489aaafdf32ad17439c0b50d38627578f9b1148a47ea7ce04115e2d67bf4e5dd5af617079fd5
SSDEEP

3072:fWUMFi8QYdDRpUB7TzCtslcnHtg5kgOGmvvWw7iSN4TkI32DaLRD8:DYutysl2e53OpnWwXyTkI32Mg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bf846583bcf1c51eda2289fda0d86f54_JaffaCakes118
unpack001/out.upx

Files

bf846583bcf1c51eda2289fda0d86f54_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ