f9e1533aa387683e96b60e9494866f70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9e1533aa387683e96b60e9494866f70_JaffaCakes118
Size

27KB
MD5

f9e1533aa387683e96b60e9494866f70
SHA1

a026c1774f63ab83d6d6ec2fe737c67667cfa7ec
SHA256

b588b09f3ad3bae85a6770da4c15a2a532c4c90c985429fdc616356cb76d88d3
SHA512

b6f3f2a663f5d9f98e5420683a1a5a90d5fa47d1cf0a4aaf36dfdaea1a68722ec152519e4e9aafaddc07509e9ceafb5e0355c6242b977e4e527603b63d4313d2
SSDEEP

384:WxIy5SP/WwFFELua+H+Gs/g3x7QTQNb/Kx1mx/M3ltzAJ5BO9YFrQ8QtyuLNTR:OIy526uaV/w1BixclMOBLF3Q/Ln

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f9e1533aa387683e96b60e9494866f70_JaffaCakes118
unpack001/out.upx

Files

f9e1533aa387683e96b60e9494866f70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE