fe43e0f0aee8874e8f679bd43b07e6bb_JaffaCakes118 | Triage

Sharing

General

Target

fe43e0f0aee8874e8f679bd43b07e6bb_JaffaCakes118
Size

85KB
MD5

fe43e0f0aee8874e8f679bd43b07e6bb
SHA1

7daca62a498a04b766fe99bc1b582a742be078cc
SHA256

dafbf0f3de5c4b25f8955b651ece8266868d3ad64e34ab6a033bf7f92de1c084
SHA512

76a6f31d5ffc751b067896a85d55a317a61aee0b4eab2350896379ec5b9e81ff8b3174689842ba888f9c8c8a56bcf8452407fe2ab97ab0e4b523ea2ff4728e15
SSDEEP

1536:8T7U6kwvxwiUrqvqxQEHx0gguf2J6S8gbhHwFoLr+k/8tRk:8vU6/eHzR0gg22J1HwF8h/ER

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
fe43e0f0aee8874e8f679bd43b07e6bb_JaffaCakes118
unpack001/out.upx

Files

fe43e0f0aee8874e8f679bd43b07e6bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ