d610dc4ec1936296a1159105e56e3771_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d610dc4ec1936296a1159105e56e3771_JaffaCakes118
Size

175KB
MD5

d610dc4ec1936296a1159105e56e3771
SHA1

894df8c77cfb2d33865da6c4c7c4a484f0d46280
SHA256

791ec1dfbd6e81398986642aa510e16713d603b24cddf2edbc9108b3684b3531
SHA512

382ed55b59188b6be64851832e3efb03234ae059d49a1edb0b1fb02a602c52db3a42d29c4c3058e8ea55cdc8af5f4f4b696b08fe4021efb2d1222ae5df044a28
SSDEEP

3072:5EjVHeXUTN4Ns1vJxrOL60AD85h3/Cz+ZYyXGdoyQdFKj3kCTN9SJC0ekT:5EjVLTONWJxrOLw85Z/7lDUjNj70ew

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d610dc4ec1936296a1159105e56e3771_JaffaCakes118
unpack001/out.upx

Files

d610dc4ec1936296a1159105e56e3771_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ