e0a9e1d6c63b4ed846ea2a3bf11bf83a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0a9e1d6c63b4ed846ea2a3bf11bf83a_JaffaCakes118
Size

9KB
MD5

e0a9e1d6c63b4ed846ea2a3bf11bf83a
SHA1

f1750f5c1ce04f84a8ca3b73c69cc07e23b89364
SHA256

471945f5eee37a623a94fedf6e75fa38113d2bbaa1b295b96309581a83020d01
SHA512

7af24c59116b78c93b9cd6fd1c473ec1b61449b942acb0dc08c68facecf6ec9a63f64b9655a0a5410a4dc0a1182e85cfd3880ef7ee39d09bdacee1571f6904e8
SSDEEP

192:y/QxCzbm5n9PloDezwDr2UD+HNF6G7AC75qRDt5tXxvqb:y/Qozbmx9PuyzwDCA4NFx7AC75gDxSb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e0a9e1d6c63b4ed846ea2a3bf11bf83a_JaffaCakes118
unpack001/out.upx

Files

e0a9e1d6c63b4ed846ea2a3bf11bf83a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ