ce0f8a1f779e5954bd2c5c5ce5d3ce8b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce0f8a1f779e5954bd2c5c5ce5d3ce8b_JaffaCakes118
Size

22KB
MD5

ce0f8a1f779e5954bd2c5c5ce5d3ce8b
SHA1

f2a37562be18517f0d889b39c514573de22e827d
SHA256

ff397fdf19665d2ce28ad20dfde3608953955bbf820cd6e51e6736eba38c7756
SHA512

b30cae3622e993e3d3f65696e8a85fb927a3947ac766132f440598bd233ed905b35ad9a56793a7dc3838b64536833fd7b5fff4a49d926733959b31bcc148b3c9
SSDEEP

384:oIjpyfhaPmY4Q/XDf0f95M0uM8sVA1yuqqjjW31nrbk6EjJmhuxu0cbfTLl:oItdm2XD8V5MbM8sukuqXqcL/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ce0f8a1f779e5954bd2c5c5ce5d3ce8b_JaffaCakes118
unpack001/out.upx

Files

ce0f8a1f779e5954bd2c5c5ce5d3ce8b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ