de31a5cf8cef5804a4a310cc389b714b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de31a5cf8cef5804a4a310cc389b714b_JaffaCakes118
Size

22KB
MD5

de31a5cf8cef5804a4a310cc389b714b
SHA1

241c58abbb536ad83bed10c437bf3a0ef3c6e12f
SHA256

74676af3df1ccdd0d7763e5a01c16ae92e41babd731c0e2ed1bb0f4b299c76f0
SHA512

1589163ef80aba97765a2667f02d94071ab8baf4e249c2ac16f1c4714eab47e617ffc5f1373a084a82874dcdb45a1ab8204a99d327b22dff56f586f50edc3e32
SSDEEP

384:WP5aCzCCl7eUttoLw8F3oPugNCyH3cfUA+ZvLHxcbfTLl:WP5a4sAMJoPu8DH4+ZvlcL/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
de31a5cf8cef5804a4a310cc389b714b_JaffaCakes118
unpack001/out.upx

Files

de31a5cf8cef5804a4a310cc389b714b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ