db6ca9b5c7afb182f681636f16cf29ca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db6ca9b5c7afb182f681636f16cf29ca_JaffaCakes118
Size

35KB
MD5

db6ca9b5c7afb182f681636f16cf29ca
SHA1

900c7c39eaf50f79931b3cef5568884730f8d57c
SHA256

5af4d0e998af16bf8f8a20137930fe995df55388f5629cf49af1ce4969227442
SHA512

9dbea57e8785487ae8f2d9fd222c51cb99f5fc8b25724c10df5716ea9f6b1eeccff9f9be14f3501f69a4915adfc2fca09fad2224704f969e372b01d30dcfe203
SSDEEP

768:UtJuu0Wn+eg6TKVPNNp48LyytQIy0jHzmMq3FPhk3d/A9RpSt3QQU/R:UbYGiN9Vv3m339m3d/An45QQU/R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
db6ca9b5c7afb182f681636f16cf29ca_JaffaCakes118
unpack001/out.upx

Files

db6ca9b5c7afb182f681636f16cf29ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ