c20d6f3d8128bca1e8eb54c00c6a210b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c20d6f3d8128bca1e8eb54c00c6a210b_JaffaCakes118
Size

442KB
MD5

c20d6f3d8128bca1e8eb54c00c6a210b
SHA1

216031e226db1a37df99bb4aa1f0d66b5a795949
SHA256

73da6e9641bf7307c1c5ee2df2f261fa9a35fade79eeb5cb56f20824e90c7e9a
SHA512

2c10e113a2f2e758fb29a65637b74f4ebecbfe3818342e97f61d11e63d9828b5a7b8318c148d01948757d8dd3fb3cd1a0b5079accd39eac0c4b4e119ebb63fc0
SSDEEP

12288:le1AzKWP7pJJYyuiZ101K/10ipw+4X4klj3C:lvJdky+101e+4X4kljy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c20d6f3d8128bca1e8eb54c00c6a210b_JaffaCakes118
unpack001/out.upx

Files

c20d6f3d8128bca1e8eb54c00c6a210b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ