db7f2e644e005fb9fda98441a6714d0b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db7f2e644e005fb9fda98441a6714d0b_JaffaCakes118
Size

70KB
MD5

db7f2e644e005fb9fda98441a6714d0b
SHA1

7fbcdae7a529084c18944969bce6790612a70ba6
SHA256

2fc6ecd1a9f7350efa231cc3f6711f47812a326fb1eb51338b8bc3c28741a760
SHA512

6d70b9551d5c43d08066f2fe6eb716801265795c4f6ec3689c3dcdb514ab97b2422ba14acedbda029b9ecfbce214fc75d083729b323706f201c27b7c82b4054e
SSDEEP

1536:kNG0mYcwenE7q9HljyeOB/LC7jc2WyZxPCvW4hq2ZYXXep:qPm7wenb9HnHc2WwxqvhhF2XXe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
db7f2e644e005fb9fda98441a6714d0b_JaffaCakes118
unpack001/out.upx

Files

db7f2e644e005fb9fda98441a6714d0b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ