ea13d0d43ea4d2ee76d742d020ed56d5_JaffaCakes118 | Triage

Sharing

General

Target

ea13d0d43ea4d2ee76d742d020ed56d5_JaffaCakes118
Size

99KB
MD5

ea13d0d43ea4d2ee76d742d020ed56d5
SHA1

c2a6ff8a539282e96059fe3b88fd93e4e9bdfb6d
SHA256

c25cc1d784035d88b3b22a3d52fd9a9bef8ce5591f913df32b99d9b858420b1d
SHA512

ab7fd7f9e87b11abdbae8e84cf98004b5688a4079298d07cea45d8e17ee73fe99f4d826ca982b28be768a686146a4fba0b80127915f6b7ff887190fc361af673
SSDEEP

1536:WeF6/cq4Om2aTpZ2uFIPDlHZBqpgIGST6s+laHdqv9kjKKcU/j6:Icq4V2I2dDDBqvVcaHdq1ypcke

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ea13d0d43ea4d2ee76d742d020ed56d5_JaffaCakes118
unpack001/out.upx

Files

ea13d0d43ea4d2ee76d742d020ed56d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ