bfa9afdcda621af9fc87688f14d9cdf6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfa9afdcda621af9fc87688f14d9cdf6_JaffaCakes118
Size

30KB
MD5

bfa9afdcda621af9fc87688f14d9cdf6
SHA1

e7e85116cc338a94b090bf780d0f481b28a7a955
SHA256

1af824afcc44f8c094b7ebc86aaf721ef7a62c2d59b1006c281f699b7720ce4b
SHA512

8ea9d25ef02f569fed1825550a238a3877324edfc8cd8f914071342b32beb90388a2548d0bacd0c82a3c1048f40d8b918dea9c95c661b831c4346eb481c22b92
SSDEEP

768:Lfx+fhGqrg/KYEdwYw+CdggW1EltqP9m5Yr3ftEw0PAb:zx+fkqEKYJBWMqP9m5Yr31EQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bfa9afdcda621af9fc87688f14d9cdf6_JaffaCakes118
unpack001/out.upx

Files

bfa9afdcda621af9fc87688f14d9cdf6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ