dffe2d6fe07cb0ca622d52de264dfbf2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dffe2d6fe07cb0ca622d52de264dfbf2_JaffaCakes118
Size

9KB
MD5

dffe2d6fe07cb0ca622d52de264dfbf2
SHA1

36a06be8de240a296d6e53fea15fcc7825d835cc
SHA256

1cdeba0ce712cd4c73aac78ab78394a351731c076874080d844d4683ecfe94b1
SHA512

77ae3fc2cf5728f10ee5a2aa960e2f70099b0b2f78178b802a7ed3fc5beef064756aed35c11c55ef53cc2378b5347d24813b8a14cc7ce4d6b1a5e13e9eb8780c
SSDEEP

192:H4/6Fd8EQvFKxmgHROT+dkJY5lJ6oYGu:H4+8EQ9WJxOT+dboGu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
dffe2d6fe07cb0ca622d52de264dfbf2_JaffaCakes118
unpack001/out.upx

Files

dffe2d6fe07cb0ca622d52de264dfbf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ