c16e41cf576eba487839dbb91884266d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c16e41cf576eba487839dbb91884266d_JaffaCakes118
Size

769KB
MD5

c16e41cf576eba487839dbb91884266d
SHA1

c9431a6d1cd7cb1fa7080b108cf4954adfded8e0
SHA256

f00240a7c66af6e69a002bc530029849dba3ad86efda21472f465c2dfb9a3ff6
SHA512

94d58d05e6cb5ae6735bbc0ddce8b312227e3b96c9f910831fa580dfaa5ad197fe73262fb0bbe404bfffcfd0cd4841d179014a8a694ccc0b96838a8d75ee5957
SSDEEP

24576:BsXPK0qjIAAmK0RPK0FwPqK0AI2GSIpmINvPIBhtcqwPAt:BsXC0qM0RC0Fwf02GEtrwot

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c16e41cf576eba487839dbb91884266d_JaffaCakes118
unpack001/out.upx

Files

c16e41cf576eba487839dbb91884266d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.bss
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE