e1a0cc1596a5074a2ed397f7b71a0056_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1a0cc1596a5074a2ed397f7b71a0056_JaffaCakes118
Size

472KB
MD5

e1a0cc1596a5074a2ed397f7b71a0056
SHA1

8235e01071017b2c8ca78dc2879d80ce950a76ff
SHA256

15d4ff7535d3f9159aa96e0226d6ca34523d89f0861b7f44c6aefc47c8573a42
SHA512

7db1329c9f59a9ff0f1fc9acf1ebe3823ff363579e57459752cb19872c1d834e8e8d907cd41c4cdfa37bc66215fc9cc2323226da07c7efbc8a500a155234fbec
SSDEEP

12288:32fV38zBcXmCmqMWZVtfcu9QzMMXs8aZNn7sveaL9:AV3MARZtku2zPJcNFg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e1a0cc1596a5074a2ed397f7b71a0056_JaffaCakes118
unpack001/out.upx

Files

e1a0cc1596a5074a2ed397f7b71a0056_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ