d0771e6c3ee354a995499938edc7f0ef_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0771e6c3ee354a995499938edc7f0ef_JaffaCakes118
Size

61KB
MD5

d0771e6c3ee354a995499938edc7f0ef
SHA1

343af8ed7153a448fae9957d0a7a6b1e132ea49c
SHA256

b34eff01f00fe01d257d294800b08dc41baacf32e38bec98392dcc727f968c23
SHA512

dec2864cbd0b3f355c57fe74735ad05f5d1f64fc6b041246471e1e199fc5b0b254d2abac6649071ded0d49b8427004b6fab49d7b531a9c2b3449b2f8aba92a2c
SSDEEP

1536:jMsZWDgBgeh6TL5J4HwL4CZRKGmHu6NVG3Y:Qsc5eh6TdJ4QL4gR25VX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d0771e6c3ee354a995499938edc7f0ef_JaffaCakes118
unpack001/out.upx

Files

d0771e6c3ee354a995499938edc7f0ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ