c10f539c437a9b5af875c9b28a4c20bf_JaffaCakes118 | Triage

Sharing

General

Target

c10f539c437a9b5af875c9b28a4c20bf_JaffaCakes118
Size

155KB
MD5

c10f539c437a9b5af875c9b28a4c20bf
SHA1

da28325ce0ef2619609e46a2422ffe33160734a0
SHA256

3da8f63181b11ac73f97ee558c24a4746413c9feecfd5e94bbff57432c3ba388
SHA512

1af839964906244c363b05f8765c21fdf34325f598a3f6affe8fbeb6600c68b0722be45117a80dda86c8062e8b041f083aab10a9301dfc594544d2e81be6cfd4
SSDEEP

3072:tYcoxqopZbH+xJkdwapf8V36y8ixffP+pgwEbJr62l8ECZL:tYDxqkZL8JkqapflLiVfEh0xxCZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c10f539c437a9b5af875c9b28a4c20bf_JaffaCakes118
unpack001/out.upx

Files

c10f539c437a9b5af875c9b28a4c20bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 492KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ