db648fd5a5a084d140e1e4788c85f1ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db648fd5a5a084d140e1e4788c85f1ab_JaffaCakes118
Size

123KB
MD5

db648fd5a5a084d140e1e4788c85f1ab
SHA1

474e0be6a2aa3b9f9f8ce4a786868f58508ac971
SHA256

bb3168eb33488bdad2b73eb77a6a8835003425ec13484354747ad435670ed14a
SHA512

fec9c11592d5394a6d51fea307b28555d35af0dba15eda5ed37006b00e16397c50325a1f4ffc7729d2a2e7574da907ed4132d9899f052409c98af6864f36cfd1
SSDEEP

3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLo4i5:OVYrJrOSsRwcpi4i5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db648fd5a5a084d140e1e4788c85f1ab_JaffaCakes118

Files

db648fd5a5a084d140e1e4788c85f1ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

42vab535
Size: 62B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oqvrztrg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ