eef34ac2017f57554229ff9fe485bb73_JaffaCakes118 | Triage

Sharing

General

Target

eef34ac2017f57554229ff9fe485bb73_JaffaCakes118
Size

72KB
MD5

eef34ac2017f57554229ff9fe485bb73
SHA1

f7d23a4e9d561b69c1f2102cfce93936ed63a9bb
SHA256

1d3a38047829167637de9948c60f76047962f3b312c740ef1ea57b2b624c8b32
SHA512

8ee04d0c7215dab898e28e3ba3659029be382b45c8543c405fb05daf9a1df300970343e9690665114b690c9ee94bf4ff40efdc5a845203e0b87bbfd8a53f1185
SSDEEP

1536:P6Tb/EmvB2F7n230znNOfVLLRpHZZnQ8WFmMvRRQuK20/9RT:P6PkDLznoVLNp5NQ8UrvBK2w9B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
eef34ac2017f57554229ff9fe485bb73_JaffaCakes118
unpack001/out.upx

Files

eef34ac2017f57554229ff9fe485bb73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ