ec0afea99c6f3a911c567d50a03fe509_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec0afea99c6f3a911c567d50a03fe509_JaffaCakes118
Size

382KB
MD5

ec0afea99c6f3a911c567d50a03fe509
SHA1

89704d252f11ffd28c075c3cf096dcfe076aac9c
SHA256

cedfdfd8f55cfece3d0201cba7ed4934475a0092c884fff52a8973639a8fb103
SHA512

e45acf46367bf671e3d3f5703007d188172682b2ddf4231229c91b4b43ed0cf40d20eb5cddf25826b3263561977f624dc5ec790c5cd3a57d928676e43f740dd1
SSDEEP

6144:fAyjfDIGmHfQSV2T9nHXMTR3oB0EE+y2vSxsBTbK77JWDi5FbJTGGxF/nO/iv94C:YyjfsfnV2m1Pftw4s5WHJ0i5Fb9G4Fm4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ec0afea99c6f3a911c567d50a03fe509_JaffaCakes118
unpack001/out.upx

Files

ec0afea99c6f3a911c567d50a03fe509_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ