d66f29a77a328dd0707d5eeb5a75ca2b_JaffaCakes118 | Triage

Sharing

General

Target

d66f29a77a328dd0707d5eeb5a75ca2b_JaffaCakes118
Size

41KB
MD5

d66f29a77a328dd0707d5eeb5a75ca2b
SHA1

28844ca6a8e2b8865647e046b2fea427d9d0189a
SHA256

dde7daba64c2ba5c7bca0f069f8404363fc20b9a150e4e45431728aa4f937893
SHA512

82b13fa7b3243fdeeb646b0f5daf94e4b9c40337ff72131c19642bc7b2b189e5b5d0bbcdf1659df6bc2bdd650f4fd3b3ed5bd657f777dda11d8564175bd1c9f5
SSDEEP

768:WL8ccCrP8YtyoewgL8cDBmw62ZVkscGY7hRnay+SPZal:WL87C7bQoeVL8cD3dZmscGWvnxHxG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d66f29a77a328dd0707d5eeb5a75ca2b_JaffaCakes118
unpack001/out.upx

Files

d66f29a77a328dd0707d5eeb5a75ca2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ