cf9e5fc9e23fb9c646d241ee8c928b7a_JaffaCakes118 | Triage

Sharing

General

Target

cf9e5fc9e23fb9c646d241ee8c928b7a_JaffaCakes118
Size

652KB
MD5

cf9e5fc9e23fb9c646d241ee8c928b7a
SHA1

2612df8ee236d14dcb79e52cc209b81aa0e871ac
SHA256

bd1c50044c1730eedbfe48250adc2a8d4ce7b9db045b7694be780515f9bb6715
SHA512

a16214b20474bac2950bb7e98e7b85d536baf1932b519d59acc224635bb16c2ba2966fb7a43ee92378f796c6df71dc119d18fef8499e4b623220080b686345da
SSDEEP

6144:xDAueB55ZPxFrTGuUp9k5TozdHg5FA6MaM2+oUrCzM+U5S+GYEPZ28RIo:xsvBdPxFflik5TKURMaM2t3zzWS73Rn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cf9e5fc9e23fb9c646d241ee8c928b7a_JaffaCakes118
unpack001/out.upx

Files

cf9e5fc9e23fb9c646d241ee8c928b7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 888KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 293KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 804KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ