bf47fa9694738e01314ff051e8650d98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf47fa9694738e01314ff051e8650d98_JaffaCakes118
Size

328KB
MD5

bf47fa9694738e01314ff051e8650d98
SHA1

90a448a20430fc4e12d8ced077f41390db658b22
SHA256

6a3b3bcc1c4627b14ee5aacf8f5ecac763ae03df0dbbe3f66615e2ef31d50603
SHA512

03a9ab7b959865f3c225407cd497e01d2bd8ad03edf56d0dd9f2b3f0248e1c28cc9a99b28b28cb0c6ba6b470f11a634f2caccce68595df64e2e6c2eefc566b92
SSDEEP

6144:8HKtZ5bEwhKZ9xrE0zUWe2K5OHzjWGN8LFhsr6nN3PGr:+MEzZH6sK5OvaxhsAf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bf47fa9694738e01314ff051e8650d98_JaffaCakes118
unpack001/out.upx

Files

bf47fa9694738e01314ff051e8650d98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 323KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ