e16d2a688be1d485ccade3e6e438046f_JaffaCakes118 | Triage

Sharing

General

Target

e16d2a688be1d485ccade3e6e438046f_JaffaCakes118
Size

445KB
MD5

e16d2a688be1d485ccade3e6e438046f
SHA1

44c0a2134dc98725466a7630f6b0732d08e714c6
SHA256

d01901239b4a6e572eb79f781c66d199ddcea801ea34d7ba31019f2f195a074d
SHA512

6d014e00dc3287b04a1214cd4ffd42716b57b8ac2fc693152eb05f42e40b385db42bc3ae5b9e2c4d2ef72a8e37acdd65b56f8bb2908d5dcda14fe553745f8c46
SSDEEP

6144:DOeNjg93bZLRYMRL6mNIFRrJJZZHKEAtOi30FW141Hbvc0ffl7sz3BD896tbSYpC:Dr4V36LaEAtkk4hYilsNw90Oe30B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e16d2a688be1d485ccade3e6e438046f_JaffaCakes118
unpack001/out.upx

Files

e16d2a688be1d485ccade3e6e438046f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xUj1Qh8O
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_97
Size: 149KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ