de616963cbd69c0856828edae6ccc25d_JaffaCakes118 | Triage

Sharing

General

Target

de616963cbd69c0856828edae6ccc25d_JaffaCakes118
Size

510KB
MD5

de616963cbd69c0856828edae6ccc25d
SHA1

cfcb1da1c0d66e881792f000aa6f5bace2cb8372
SHA256

eea0ca1638a7aee7d3f817dcc00f52db604b64641a3802c7e3f7ce46ee736939
SHA512

5f3f2930e0804c878aa495980fd0575f3ee5201f1043ed6c2333c284f9225dd8af0849519b7f10e0f235316ca20a3ea1b7e383815bc7b25646b87e8429995eb2
SSDEEP

1536:lyT7+x3jeH+C+An0TOKkkTqeMOaWvBUvAAGiRHONm0BJLIHTccLK+prI:QTSx3j+BHnrKkkrMOzvBvmROXBJ8x0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de616963cbd69c0856828edae6ccc25d_JaffaCakes118

Files

de616963cbd69c0856828edae6ccc25d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE