cf605cfbaf23075a4c6d944e58c2b851_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf605cfbaf23075a4c6d944e58c2b851_JaffaCakes118
Size

24KB
MD5

cf605cfbaf23075a4c6d944e58c2b851
SHA1

802fc2119bfe3929c986c3d5b62ec50382e314f6
SHA256

488d54c96201c2beab33c0159fc82d5592a5ba22ec2f5cc5c2eb41e9c1e9c32d
SHA512

b11aa2140e9e8593e880cd9b50afef4719a7d126f70f3d6c2e07983ca0b8e4c084c98a6b03eb2c080e286a5e4e2522a902df18e884c776a51a340e65e330a9f0
SSDEEP

384:ljLz+ePTeoHrf/PR6AtGSe/sehEnT66Hr961EE0TfI/VFdygEmdg0d:lj/+ePT3HTR7tGDUeqHr9fECA/77EK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cf605cfbaf23075a4c6d944e58c2b851_JaffaCakes118
unpack001/out.upx

Files

cf605cfbaf23075a4c6d944e58c2b851_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ