eb3050aaf6cdfe2c0566ddaa14f30fb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb3050aaf6cdfe2c0566ddaa14f30fb4_JaffaCakes118
Size

5KB
MD5

eb3050aaf6cdfe2c0566ddaa14f30fb4
SHA1

9ccd497fc47ea08841d08d37adc31d9ed74313d4
SHA256

7367831f603fe531a08af50eac9bf42a4da24e761f17af97cd2099306f999c15
SHA512

2fd43750f2c2a517032563c5cf293f3dfa620be950ca9c1d01d169cf647ddf68a793ac073063a9ec1e825f95f31d7833b1d401287b59b52b170d3cb45f9bd283
SSDEEP

48:ygSO4PoQVTipMbZ3+7QRHHNbgpy/7xNGSeJY8JTaeq8GWtpq9Ycccm23wCsa3oB:yO4PxmQFHNlryvGGpq9rzJsaY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
eb3050aaf6cdfe2c0566ddaa14f30fb4_JaffaCakes118
unpack001/out.upx

Files

eb3050aaf6cdfe2c0566ddaa14f30fb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ