dd199b7f5a8d251a81e401c7b3adf213_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd199b7f5a8d251a81e401c7b3adf213_JaffaCakes118
Size

46KB
MD5

dd199b7f5a8d251a81e401c7b3adf213
SHA1

6cdddfaa39f3e013317c911351873e6d06d012db
SHA256

c6699cdb479bd7b87b4b9a4c383f04ec53210aaf43e7dac0acfec8bd0a54d5d1
SHA512

243845e28fd83dabee1f57e8ac6ef03bb272ef3945decc828d8dcbce4b60acc3fafd9eb7e52f6c62d3fd99c2ca5aefe3f1df74c1ecbf664af4cbefd141908abb
SSDEEP

768:/WlayCbiMJwlshloYSWTdZqbPAaxoqBW+4/H+bngm84zbVsKgEYX/dqGNJo6Hz:Q8bJwlom6qbPAP2W+hgm7zbhjYFq2J/T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
dd199b7f5a8d251a81e401c7b3adf213_JaffaCakes118
unpack001/out.upx

Files

dd199b7f5a8d251a81e401c7b3adf213_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 463B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ