d2e17327e03db5eb1dd03b86dbb00c2b_JaffaCakes118 | Triage

Sharing

General

Target

d2e17327e03db5eb1dd03b86dbb00c2b_JaffaCakes118
Size

6KB
MD5

d2e17327e03db5eb1dd03b86dbb00c2b
SHA1

64293e9df7d0cd4f8a210937328b9e57e9ea8b12
SHA256

ec5dac56424d4bc08a067d9b0ea9bcb934732f4666d885d865fe772afc2e8d1b
SHA512

97363247bd297e7f2e15f9fa678a3749e7adec43eb67669e62d45adb7338a2246515cbf9c6a3f3d9d1179b4c45c134935c701d4ab223510f1a48f1f9da18fa37
SSDEEP

96:vzc2IU0681XKdpWdclPHVtYjCLE3p5TkJPD6kbKSHLCvjachUGNYGEVEm9:vY2BdpQ8PHVKCLEnkJ60+LachUG2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d2e17327e03db5eb1dd03b86dbb00c2b_JaffaCakes118
unpack001/out.upx

Files

d2e17327e03db5eb1dd03b86dbb00c2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE