de02ecc89abca0303aa7d0db700e427e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de02ecc89abca0303aa7d0db700e427e_JaffaCakes118
Size

353KB
MD5

de02ecc89abca0303aa7d0db700e427e
SHA1

b69adcb3b859cd2e4db16b1d4c9546d6be388e84
SHA256

4c18eb92d9fb4066e16da53bb90092f7a852747ab28cf0c98e714cb556ff0b5c
SHA512

7283f71365ef5ee6c1457c6a58401a3a4374a9b5b1b7dc1df81b927adafb6dbcd74c7bb738a5aeaba8a9521f1a2e697f122272c709b3626c46b23d02c3bf5266
SSDEEP

6144:NBmEK9t/kK9QB9M6tVBo56bHYKZtB9XyV5fZiA4Kgc8vkUacNCRLAy5kEzdq2U1O:bqtsN/VtV2w4UXy5RiAZgc8vkUac8zdR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample
unpack002/out.upx

Files

de02ecc89abca0303aa7d0db700e427e_JaffaCakes118
.gz
sample
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 355KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ