ff5ed4eaa40f705374b523ef58c03a72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff5ed4eaa40f705374b523ef58c03a72_JaffaCakes118
Size

144KB
MD5

ff5ed4eaa40f705374b523ef58c03a72
SHA1

d5d750e56465a0965a24ef01354a25bbc2ea23de
SHA256

59427c4281944b5f5e5ea1853994056d3edb0937d4c3eaf3c874560d42fd0919
SHA512

6fd7ceea530e8de251161d64492a5fa2250107008ff165a130c3d8aafb065e9cead577b622dcb954504b7a62084aa090ea57c5e9f0a79ee453e01ff9616d4db0
SSDEEP

3072:0SDl7vReSpx6PoEUlieGxFCSF4OFY1W18Ol+HvHpzFy:0SDNvReKx4JmQ7PqW18OlW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff5ed4eaa40f705374b523ef58c03a72_JaffaCakes118

Files

ff5ed4eaa40f705374b523ef58c03a72_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ