d3808d350c0039a0aa6b506641eb4c8d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3808d350c0039a0aa6b506641eb4c8d_JaffaCakes118
Size

170KB
MD5

d3808d350c0039a0aa6b506641eb4c8d
SHA1

d676d5b4bbf3a3beef55dc49d8a46500c08f5c52
SHA256

458cb5154d18394542cc672f8f167419b7bee7d67a86f2e9a0c891220c7888e2
SHA512

52a1ea6d962710ad55cf1e3df4b444da70e6097a603a927a4268c172d7d5f951bd4149faee91cfcbddfd62f28542cee73f5f90114045de827179f1c5b3d71ebe
SSDEEP

3072:D6EwH1EEVDUYgxepVsrqWkK5YgM029hxmrtHWcix44/tn1Pi9/YsHGXPwVhO+X:DJwH1dVDUne0rqWZh+26t1PTsHGUhO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d3808d350c0039a0aa6b506641eb4c8d_JaffaCakes118
unpack001/out.upx

Files

d3808d350c0039a0aa6b506641eb4c8d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ