cfd9d34b9672a0cef5a9a7b045ca4e55_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfd9d34b9672a0cef5a9a7b045ca4e55_JaffaCakes118
Size

10KB
MD5

cfd9d34b9672a0cef5a9a7b045ca4e55
SHA1

591b1a82835548dc5cd2542eb4a093911b03dc24
SHA256

9b932a3c7e6a8d3ae263fe6edc6a2bdd04563d2158473fc909395a08c3cd8cfb
SHA512

ef382380d1af20e8941753780b71c2e7b80a92b40b74245ff802e9c144529c10d0a4a3ffe1582d8cb9a9f0b5658f06670c873d7caed723765c2a1aa5e860d499
SSDEEP

192:BIyEg/QlJxTMxgZl9NTFFkGzu6wJRgeneEftYD6FY62AbW7cO/WOc+TiZ:BIyEgolcxgZPNh+GzuXJi/EtFYAbyFVE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cfd9d34b9672a0cef5a9a7b045ca4e55_JaffaCakes118
unpack001/out.upx

Files

cfd9d34b9672a0cef5a9a7b045ca4e55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ