d14137bdf3de0a9ba151156d1e4fb2e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d14137bdf3de0a9ba151156d1e4fb2e3_JaffaCakes118
Size

51KB
MD5

d14137bdf3de0a9ba151156d1e4fb2e3
SHA1

6aef9a89f9100a8f0d3f1716f2b42b42f6e463c9
SHA256

38cb7bb01740e12eaa3ab06e8af9a13ecf8a54fa0a9d6d647462e4ca9bb73d2a
SHA512

df96d2f675a46b010f61510038a0571b88fceed5be21a012abb3988d2106770eaf6c8069cfde7384f02d8a4ede1c8af9faed963d721b2123f3912bac59039379
SSDEEP

1536:ZyCJ83hN5+DD6Iw1G0d2Ih92JMM+eHP7Bx3Z:ZyCON5+DD6ItA2IhTqXZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/Invoice_copy.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Invoice_copy.exe
unpack003/out.upx

Files

d14137bdf3de0a9ba151156d1e4fb2e3_JaffaCakes118
.eml
Invoice_copy_N#9974.zip
.zip
Invoice_copy.exe
.exe windows:7 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:7 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt