fa12e1ee556e653250428d37d3e13614_JaffaCakes118

General

Target

fa12e1ee556e653250428d37d3e13614_JaffaCakes118
Size

108KB
MD5

fa12e1ee556e653250428d37d3e13614
SHA1

f948f131c78fb61846d08433412f82f112029595
SHA256

1a1956a2672be77fbb094728e29f4f72662b417a7219b3e30037b8f744d0837c
SHA512

3ddedbeba7cd41a918507e19c2db4008622b80097428b6f1d0f575c88be31b725f466b6f3ca7b7160d6c32589bfb568d4fc3cdbdde3e3cc45d08ab524a3d48c3
SSDEEP

3072:L5IKX/zS9MkQUT84rfnmt2QWr2I8hviXyBcTK2yfogCKS:aKPsQSlrvmoQWr2I8IXyOvuo

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

fa12e1ee556e653250428d37d3e13614_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31
Certificate

Issuer

CN=ALWIL Software

Not Before

08/02/2011, 22:24

Not After

31/12/2039, 23:59

Subject

CN=ALWIL Software

2a:6b:e8:da:75:2c:43:82:6f:90:3f:8e:0c:de:0e:e1:8c:53:a2:5a
Signer

Actual PE Digest

2a:6b:e8:da:75:2c:43:82:6f:90:3f:8e:0c:de:0e:e1:8c:53:a2:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 109KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31Certificate

2a:6b:e8:da:75:2c:43:82:6f:90:3f:8e:0c:de:0e:e1:8c:53:a2:5aSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 102KB - Virtual size: 104KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 109KB - Virtual size: 124KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

57:f9:19:b5:96:c8:31:5e:bb:39:eb:6e:a9:7e:1a:31
Certificate

2a:6b:e8:da:75:2c:43:82:6f:90:3f:8e:0c:de:0e:e1:8c:53:a2:5a
Signer

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 102KB - Virtual size: 104KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 109KB - Virtual size: 124KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB