d55439e97d5ee2889d518109bf1b0401_JaffaCakes118

General

Target

d55439e97d5ee2889d518109bf1b0401_JaffaCakes118
Size

218KB
MD5

d55439e97d5ee2889d518109bf1b0401
SHA1

79ab6dfb00733a088f9ddbee599ef4d8a0ce3b2c
SHA256

f605e6789e5783821c8bead06d84e5bbfd1a5f9a9497e589fc868f9eefd8e1c6
SHA512

2db9d485760215cb9e2a1993fbd2860e30935abcbd04799f4948626962e9ceba413dd14d5e8cc9b903cd136edeb60e7e57ae12a42032a71b7aefb6df57acacfe
SSDEEP

6144:ui8k3QprOj8JSVxpazJQC8ilPW0mC2SKOgbYvTykaNI:ek3QpSoJysvPW0ltKOFcN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d55439e97d5ee2889d518109bf1b0401_JaffaCakes118
unpack001/out.upx

Files

d55439e97d5ee2889d518109bf1b0401_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_copy_named_substring
pcre_copy_substring
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_maketables
pcre_malloc
pcre_stack_free
pcre_stack_malloc
pcre_study

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 616KB

UPX1 Size: 215KB - Virtual size: 216KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 242KB - Virtual size: 241KB

.reloc Size: 35KB - Virtual size: 34KB

UPX0
Size: - Virtual size: 616KB

UPX1
Size: 215KB - Virtual size: 216KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 242KB - Virtual size: 241KB

.reloc
Size: 35KB - Virtual size: 34KB