d3d0a5a24ae8cf2bda4feff06aee2b00_JaffaCakes118 | Triage

Sharing

General

Target

d3d0a5a24ae8cf2bda4feff06aee2b00_JaffaCakes118
Size

176KB
MD5

d3d0a5a24ae8cf2bda4feff06aee2b00
SHA1

68f1ca4f232b46a307db69afdb61d10b753aa2b5
SHA256

46772b3111a43b9299cdf9d08f528e3c87b2467f4e3d229fa96e7a578e2d2dc0
SHA512

f3039b80acfa568a5d9b1b08aeef93b2cfbea514115e909c5b27033a290396832ad899a18eb0181e6fca216342717b3d7bd2edbf41f7f6280f07ea9b0e8d2fd7
SSDEEP

3072:E6J5O//46FLEeoL9LsUUIrkOz8dLqJJyuHSDZEsLZfYFs:fU/4MBU+U1rZ5StZw2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d3d0a5a24ae8cf2bda4feff06aee2b00_JaffaCakes118
unpack001/out.upx

Files

d3d0a5a24ae8cf2bda4feff06aee2b00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 640KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ