e08eac6656116872f385cb642112f9ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e08eac6656116872f385cb642112f9ce_JaffaCakes118
Size

53KB
MD5

e08eac6656116872f385cb642112f9ce
SHA1

052ac7dd83e924c3399a94c29e43f0af3d5644e7
SHA256

41cfb12c0d8db4b5d2cbb246d0b89e3ccb683f4c1d7268e4b4a1d924c81ed9c4
SHA512

81a83a6ff39faced00b1712c61974001a7cef9dc653b2c2b26c3a5525c7cecbfaaf004b9831e459eb971e60e4aa01e933941da66e838208e759f1b989155b7ba
SSDEEP

768:vjZEHO5cxhQ5ePH62/lOYEG57aGz3m/tPsJntDyYhqUMHX/AhDdS57JJ3oMc:CNaaX5eGDmtUzyeqtHX/yS57n4Mc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack002/report.94875793049.pdf.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/report.94875793049.pdf.exe
unpack003/out.upx

Files

e08eac6656116872f385cb642112f9ce_JaffaCakes118
.eml
email-html-2.txt
.html
email-plain-1.txt
report.94875793049.pdf.zip
.zip
report.94875793049.pdf.exe
.exe windows:9 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:9 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ