e1b9860e05ea8a16bc61c1be475fda94_JaffaCakes118

General

Target

e1b9860e05ea8a16bc61c1be475fda94_JaffaCakes118
Size

50KB
MD5

e1b9860e05ea8a16bc61c1be475fda94
SHA1

6db3445d64c8045f4fb66a1c0ce8a82e30e8634a
SHA256

6b6a6802713c55db062563c84dbb5b528e45ca82c9b208b1bf72921a4b161245
SHA512

9adc1236313cb6d757c2f63be395b014f9e1b50b7c789e143e20c2d85306d51e94402bf569570d3dad9c43c7a886ccf3af7bce7c938d471d08ea8496928dae18
SSDEEP

768:updaSB/Ng1J1g/d8DUHsYgch1+erD9DjqIEtaWgUooiNICFGg46b38Qax1kLBdr9:edrqDWt7rDdjByaFXt/3fc1k9d

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/out.upx	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e1b9860e05ea8a16bc61c1be475fda94_JaffaCakes118
unpack001/out.upx

Files

e1b9860e05ea8a16bc61c1be475fda94_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 48KB - Virtual size: 48KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 50KB - Virtual size: 50KB

.vmp0 Size: 1024B - Virtual size: 530B

.vmp1 Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 284B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 48KB - Virtual size: 48KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 50KB - Virtual size: 50KB

.vmp0
Size: 1024B - Virtual size: 530B

.vmp1
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 284B