dd65309079a5567007621ae18d42a705_JaffaCakes118 | Triage

Sharing

General

Target

dd65309079a5567007621ae18d42a705_JaffaCakes118
Size

68KB
MD5

dd65309079a5567007621ae18d42a705
SHA1

4d8926b43582ef55d99eaa0dd295abbe08a9d3bf
SHA256

c2130aa480b2a03d6c2c2fa094675a4f0307daaf01e9abd521aab9780e50c225
SHA512

485e080f7ff8e4f54113dc775ea125dde904ccc1e157d1cce0619ec4b8c38e838b75e4dcba2112a7e404ca8df26e9760e62ccddb071a0f44757ece424b9552e5
SSDEEP

1536:GtYU+tppdH3d2YTUIHUWvt0S4l9P0LY4zv5NgHiX5YDIGuTwfs9N0W4:GCU+TXXYSxHUOtel9MLYigHsNG2/vB4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
dd65309079a5567007621ae18d42a705_JaffaCakes118
unpack001/out.upx

Files

dd65309079a5567007621ae18d42a705_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ