d707a3c6fd83ed50960adee6ea9b8d72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d707a3c6fd83ed50960adee6ea9b8d72_JaffaCakes118
Size

135KB
MD5

d707a3c6fd83ed50960adee6ea9b8d72
SHA1

5e52faaf5059376bf591e40759aba2fd0244653a
SHA256

484561dd385b6261eb21271b758697b555d8888a341839d2ed79b692f116f2c5
SHA512

d42de9fe6aad58b3dfd387be431fceb4af5e9ff57d5eb901bc00762b6118efee5d152dd06cb24fd2bd82a58850b581c8db74a5165d30f493c6ece856a9837a69
SSDEEP

3072:Z16p3Lqmf9XFulkr+D5mmgJAeq/hVHAKx4NtnsQyj/qkxdIVoKYKa5V6:Z16pLf9Gkr05gJI35ONthU9x1ya5V6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d707a3c6fd83ed50960adee6ea9b8d72_JaffaCakes118
unpack001/out.upx

Files

d707a3c6fd83ed50960adee6ea9b8d72_JaffaCakes118
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size: