c0e4902db40ab2ab8891829adc1fb560_JaffaCakes118 | Triage

Sharing

General

Target

c0e4902db40ab2ab8891829adc1fb560_JaffaCakes118
Size

306KB
MD5

c0e4902db40ab2ab8891829adc1fb560
SHA1

bed47d66d09011204cef3bdc3e4cc0b289472b14
SHA256

695b34d48d6c1c74753931572d41dd4ea54909d2e0422351ad5ca3045a3ee860
SHA512

a8d8c6f42e766bae4860b552d1658271797d2a5b5ea682c136b4cc20c39dbdd4ca26475b2d4e490a6750a7972c3273d3d6a468185cf971f2f3c84c9374e964b8
SSDEEP

6144:BVYmoP2D+6u6pBbbTkVOOPO8dtwCbVl2crOwgjMsu8SD1Co9wnmRFdPi7Io:D2Pn6uaBv4QT8dx5CpjMsu1/9wmRnPq5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c0e4902db40ab2ab8891829adc1fb560_JaffaCakes118
unpack001/out.upx

Files

c0e4902db40ab2ab8891829adc1fb560_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ