c16703f3580d420a096f6fd9508878b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c16703f3580d420a096f6fd9508878b4_JaffaCakes118
Size

199KB
MD5

c16703f3580d420a096f6fd9508878b4
SHA1

c34e25bef2f033f31217ba8e3a674d038b4eaa8b
SHA256

5f5e3f2936caeb4aa4f4170f7c3bc21183ac636b8f05b9de7f4225ed4b473971
SHA512

7d7c30f9654e7227566b1fbb4ae7ebce271f6d1fb294f7311f0f8533b65161e31d259b4121b7ae9f99b9d35419e53825ff373dd30b5e491790ec825b372e323f
SSDEEP

3072:xkDZMo8QKLQPUAX5hvlgRSOsfaIjzYl3OOnJ2bIc1fHntwLEhkmz8Zaz4Hrrg12M:etSadgQf1vg3OOJ2EmfHtyEOmz8ZRVk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c16703f3580d420a096f6fd9508878b4_JaffaCakes118
unpack001/out.upx

Files

c16703f3580d420a096f6fd9508878b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 182KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ