ef0c35a3f2cb6273f397ac7bc0dd65f0_JaffaCakes118 | Triage

Sharing

General

Target

ef0c35a3f2cb6273f397ac7bc0dd65f0_JaffaCakes118
Size

6KB
MD5

ef0c35a3f2cb6273f397ac7bc0dd65f0
SHA1

b1401ba588fad291b3775cf316434ac40682678b
SHA256

57d7f60fb0b9abab07b84a6308e0d15ddd396f7905ef8afa9a5baf4fef48c2bb
SHA512

ca931082977794e69d3ed3b7122b205e7c579b120ad3a07c8f9ab77fb049684e53caad363186d6d60509c5dab0ec7449f0326bc0b1936e57b66b1196e647e66e
SSDEEP

48:ygYcefrLu1niCRHrH4fvZ7n74r3M3AiFx1orgVqSeJY8JTaQN6YRX0znvH4VlqH2:neG1iCREDkLMVYcI6Ywl/K

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ef0c35a3f2cb6273f397ac7bc0dd65f0_JaffaCakes118
unpack001/out.upx

Files

ef0c35a3f2cb6273f397ac7bc0dd65f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ