c15a032e6be322e83d853401c434074a_JaffaCakes118 | Triage

Sharing

General

Target

c15a032e6be322e83d853401c434074a_JaffaCakes118
Size

750KB
MD5

c15a032e6be322e83d853401c434074a
SHA1

221dfc6836e4362a50176c115cb33e9f8fda0184
SHA256

7ddd3fac2558f71be7620220d0cd13fb5a3565f473a5437a1d17b0d9f80ea2b8
SHA512

99eca31e13e605b245ca2d9b07827d6658dd7bdcb70ce4858b352c30808ebd9bc0c45fb32309f58167ebeed922f7e7fb6bbd9c1eb4d65733708365e95276553f
SSDEEP

12288:zoOR28xiVFSdUdmBT1mQWq4J9kD6FExE+a0OhKrJ32z8B2w0WO9qsSv:z9iVcud4TkQWBJmPxQhImz+GV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c15a032e6be322e83d853401c434074a_JaffaCakes118
unpack001/out.upx

Files

c15a032e6be322e83d853401c434074a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 749KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ