f9a7de834b39bf6bb5c24e5779707081_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9a7de834b39bf6bb5c24e5779707081_JaffaCakes118
Size

3.1MB
MD5

f9a7de834b39bf6bb5c24e5779707081
SHA1

0d3a03b33c3858cd184462914fedaa7bda057960
SHA256

fa3098b845ca2d7a179c67e794531f7645f062f8e47755d6f5049d2bd41235f3
SHA512

b368b41380d806346a0d14a88c9cac1ff1abd85833f47645f08c40310a138e977d1f169490b61b2418ebff91f31e63d861af9a87b07e0047d33639785c29d42b
SSDEEP

98304:qm6O/AsVpAsLeKafHR5i0mxaPcyt84hfSZYBd7:qm6O/RpAsLeK6HLi0mxaPcyt84hfSZYX

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9a7de834b39bf6bb5c24e5779707081_JaffaCakes118

Files

f9a7de834b39bf6bb5c24e5779707081_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@RWinSocket@DispatchProc$qqsp6HWND__uiuil
__GetExceptDLLinfo
___CPPdebugHook

Sections

UPX0
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 846KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eXist
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE