edd14498921a2da98d8428ee5455db1d_JaffaCakes118 | Triage

Sharing

General

Target

edd14498921a2da98d8428ee5455db1d_JaffaCakes118
Size

189KB
MD5

edd14498921a2da98d8428ee5455db1d
SHA1

00aadc74bc3752daac442c6af36b7ce52115cc82
SHA256

c57d267370cbbe5ae6961e6977a511558510a27e382c38424420c44f7bc3cd07
SHA512

4064feac22a27b7455f3b38ceab3fa3ccfd1b8dfc0745aceeb3b2db648272413451dd39a4eb6bbd8f52447a06e5515e469ca8cbb8c7c7112d10f88b143b869ec
SSDEEP

3072:QnQXFGsrclmO0cQJvPqTRNxIAt8FQ3hINepizl/vhk+j9ZjMVVND7QzQejE5mMBM:gQ1ldcqKTKgoiINepb+j9ZjMHND7QzQ0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
edd14498921a2da98d8428ee5455db1d_JaffaCakes118
unpack001/out.upx

Files

edd14498921a2da98d8428ee5455db1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ