fcafe3a4488950544f4a2acb837587ff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcafe3a4488950544f4a2acb837587ff_JaffaCakes118
Size

11KB
MD5

fcafe3a4488950544f4a2acb837587ff
SHA1

3f6a0de7224baafe1c0cdfd6ee82f77479dbe026
SHA256

23a781430ab2225aa7144c92de5700832686de3fab37772936a264a2e3ede8c9
SHA512

410a1196a0d4f8e6fd763b27841e32a7d9fce6ba773434f0627166df8bed801d326c611399ad85595f0b140b5105685140f8e009d4b826040a2155a0f31032c2
SSDEEP

192:dy2hu+f4qb9kw8y4x4ZvBfB6G1KS00Tf7QSUKiczW:dy1rqbe51GbfB6G1m97FWW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
fcafe3a4488950544f4a2acb837587ff_JaffaCakes118
unpack001/out.upx

Files

fcafe3a4488950544f4a2acb837587ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ