fa06f838b8f739257c0a362edcb375c5_JaffaCakes118 | Triage

Sharing

General

Target

fa06f838b8f739257c0a362edcb375c5_JaffaCakes118
Size

54KB
MD5

fa06f838b8f739257c0a362edcb375c5
SHA1

f973d50b3d811755bf780f4160cd47c18cb4f446
SHA256

14127bd7850a293eb0df61014e9f78f15747f1a49402335aa46163e4035f05a0
SHA512

5114ce20f63c0623c260a4804d80ecc2c8f670f77e776365bb164675eaf79853a7eb0808e18db4bd1139e2416381b2654fe7641f21fe87e3544bd02226f9c0d3
SSDEEP

768:y/fgmXZHU2bVV+ROcT47pyRfQfOOO0yrNsstZC+C/ige83uOese4OfPUoff:iICJxVzcT47pylvrJkage83ve4zoX

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
fa06f838b8f739257c0a362edcb375c5_JaffaCakes118
unpack001/out.upx

Files

fa06f838b8f739257c0a362edcb375c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ