d4766e9e3b186eb11b94267a0cece1f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4766e9e3b186eb11b94267a0cece1f0_JaffaCakes118
Size

125KB
MD5

d4766e9e3b186eb11b94267a0cece1f0
SHA1

407460936e033d7635a606a751d64325b9de4cf4
SHA256

74362f465125165a07cbfb035d5be91aaba979fd6d47162ef720490720d0395e
SHA512

98735dc7d9d2aa4eb4b02f800ad3f0db96502a9717b5f46c56ae6cd43ec9e2feeab438cd55b0a1bf96929bf81ad5f448487fe18e08486bb09257d92ab0cab220
SSDEEP

3072:Ye8PQLjayVSec/w2M3yDkUYsQj0CKprW2:GPQ/SprMakUTpT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/brew-moha.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/brew-moha.exe
unpack002/out.upx

Files

d4766e9e3b186eb11b94267a0cece1f0_JaffaCakes118
.rar
BReWErS.nfo
brew-moha.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ