df44455c58bd00c1df83af00cba3a20d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df44455c58bd00c1df83af00cba3a20d_JaffaCakes118
Size

67KB
MD5

df44455c58bd00c1df83af00cba3a20d
SHA1

0ab53d16f4a4ad0f29d8b8b35c051857e4b12609
SHA256

621f9dfd348fce557871e50ad7f2a91d8aa4524679edae368240531958c3c821
SHA512

975133d5d4fe6532bf7931a8c588a7b179f745524de90add29e79e3310facbe3357920839bf1dcc6b56ec2d74112dd2ebb6ac6ae5fd37ddfc72c957b5b01256b
SSDEEP

1536:Wu7eIHTw21+bUmEAPR26t/U59WPGLWQ1AlDx9yUcT9Qf0Cj:WuSIzG2oR9mWsKDjD4m

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/FFF-Kg_3D-Miracle-1.73-Us.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FFF-Kg_3D-Miracle-1.73-Us.EXE
unpack002/out.upx

Files

df44455c58bd00c1df83af00cba3a20d_JaffaCakes118
.zip
FFF-Kg_3D-Miracle-1.73-Us.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FFF.NFO
FILE_ID.DIZ
keygen.nfo