ebbc5d70543d509c5f66acbfb0cc6d3e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebbc5d70543d509c5f66acbfb0cc6d3e_JaffaCakes118
Size

116KB
MD5

ebbc5d70543d509c5f66acbfb0cc6d3e
SHA1

babd661f5348770c0132ef31343058526287a5c1
SHA256

79e98e1d417220e6b36e691793a88039d9cde2e314c803f77a176684c9e15819
SHA512

96efe1f4954f002e9e19d7af8aab4b0631383b73e3ad34ed448b0a640c0da56a1bbf04d925c22e3f9ea732503f387abd72d7871899de5c666b034910089d7678
SSDEEP

1536:HKCiuFQJvAvUOraca6RPmDVl865wWzMU+Iit4SbZfA8vW7yi5RZDZaUlLCcyt/+K:6BGsOrlpRq13Wt4Sd78y4RCK8WQY2E8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ebbc5d70543d509c5f66acbfb0cc6d3e_JaffaCakes118
unpack001/out.upx

Files

ebbc5d70543d509c5f66acbfb0cc6d3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ