cf8bd3c4e63716f534f457127d3ea1b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf8bd3c4e63716f534f457127d3ea1b9_JaffaCakes118
Size

137KB
MD5

cf8bd3c4e63716f534f457127d3ea1b9
SHA1

9769bf9309355fc123ebf942e83cc0d249b6b751
SHA256

d8a25f6cc7c3d256cdcc0afd458a6fb0dff80e555f2676c37b83e41abc24088c
SHA512

36a16e8da8d5c1add7492eeaa78958e7cae22dc2993d2541a9e57e045f2c30ff03d8c75dc9471ea458a8ba60cf0183b0e5b5208ff5aa6fc2ec42c3395160d3c5
SSDEEP

3072:32Qri54YzA+KFH/qZs81uBz0hj14zR6GZHJYASNVLGI0MqBG1eTl:3Xi5HzLuWszz0hj14zR6cJY9vVqYQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cf8bd3c4e63716f534f457127d3ea1b9_JaffaCakes118
unpack001/out.upx

Files

cf8bd3c4e63716f534f457127d3ea1b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 189KB - Virtual size: 188KB

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size: