e1e3808cda127486af54178e6634c837_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1e3808cda127486af54178e6634c837_JaffaCakes118
Size

185KB
MD5

e1e3808cda127486af54178e6634c837
SHA1

c5b9f5f7f407cbc9a8af6bc6d47f8c33dc5ad026
SHA256

b9299b5e6fc4a6f10023169f7228cd868cf43c9bf8f992cce156ef53a5e7e27e
SHA512

77e62cd8da94fec6c218e42c3585eb04c84d6eaac9d986a00406becce4446b382700cc1d1f444b1268669e700d6f2b011de3924f91ed2ee27076525528ce631b
SSDEEP

3072:kRAbqgkr1JP0jhLgesuETk0/PX3upd1qnAEzYds7E7/dThEgzJw:kyu1tqh8VcOX+pd1bEz2s7ETRhEgzJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e1e3808cda127486af54178e6634c837_JaffaCakes118
unpack001/out.upx

Files

e1e3808cda127486af54178e6634c837_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ