c169f34f28f9a20e5276e1dcea8b3e63_JaffaCakes118 | Triage

Sharing

General

Target

c169f34f28f9a20e5276e1dcea8b3e63_JaffaCakes118
Size

27KB
MD5

c169f34f28f9a20e5276e1dcea8b3e63
SHA1

4acce2ef7bc07ed535215fb6f8a81710ac7a14ef
SHA256

62e41b135c25f788f39c311b7a09edb7662b4e6037b472318dfa85ea5c1e8d64
SHA512

de5212946c3024ec42dce4464b910589e3a618588a9da2c327a097d8b6551f89e7bf996a40763c1981c6a9f40e70e8d125e3713738b8c8ca2122a33a43c7be89
SSDEEP

768:cLdFTT98t3m/fF1ommyMEKaDrO32icQitNWJD8:cD3wuwVyMEK68ctNA8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c169f34f28f9a20e5276e1dcea8b3e63_JaffaCakes118
unpack001/out.upx

Files

c169f34f28f9a20e5276e1dcea8b3e63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE