d5500f0cb57eba08532beaefde9351e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5500f0cb57eba08532beaefde9351e9_JaffaCakes118
Size

125KB
MD5

d5500f0cb57eba08532beaefde9351e9
SHA1

383f74ebdc6cb41a8d9e3ec75c607459bf4ac693
SHA256

6f83bf94afc005244e32997419484a1107deef06ae159e2e2581dbd0e0893525
SHA512

2893d3e3add4825a2b02e5eeffd6c26ea40b705449aff91a8dcc74c8f9fa3860a0388b74f8d7e9c9b837a093906d6fc57ed772756c3aedd5851e993942f5ef78
SSDEEP

3072:TX+WAcpM9bTHjiClVqOrOyNyiYa9JEzokQDlaOUB1pP/xeMJCY:TBMtHNYOYij/Sr2TYpP/MY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5500f0cb57eba08532beaefde9351e9_JaffaCakes118

Files

d5500f0cb57eba08532beaefde9351e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

BSS
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clab
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CryptX
Size: 576B - Virtual size: 575B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE