efdd62bea4c0cd38d63dd793ae934735_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efdd62bea4c0cd38d63dd793ae934735_JaffaCakes118
Size

5KB
MD5

efdd62bea4c0cd38d63dd793ae934735
SHA1

7b3089a99c8bcfdfaff0aad82584c766dc6b9d33
SHA256

99b0b7778c74e6a148e5a6ebe9992e06f7db96613638f063430d89158ae2e9d6
SHA512

7fb1b94d3bc375c7c8b4b22ae800f4d9de91ec3ba84b9f2d8d0996b3b0a4e3b2ef44940b6569a3546cd30eff5c1d978ceff4a9a2848e8c4deb3ca66a0e0eba5e
SSDEEP

96:dAUBnt11sqtETrzNill2/wcjFZgjqIPUL:dNsiOUlNcpoUL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
efdd62bea4c0cd38d63dd793ae934735_JaffaCakes118
unpack001/out.upx

Files

efdd62bea4c0cd38d63dd793ae934735_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE