0cb671bd386873dffdfd82314dbfb356_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cb671bd386873dffdfd82314dbfb356_JaffaCakes118
Size

64KB
MD5

0cb671bd386873dffdfd82314dbfb356
SHA1

99db560561b6d55c862760a895c0b1903d5977c8
SHA256

d8a5fd11f17c1e074d446444fe9e572eb92385440737348066cfe593577dcbaa
SHA512

6b442d9047d86756157ea22c47ab9bd00025243ff934ed4d0da5a26b01c22a30303ffb042c4eb54d697db468a66b4720dd3052a90bce1d71f16551a2da246170
SSDEEP

1536:iB4WKypAgTP5MoKxbS55zBGPzgwHdjv9+ohmK9GJpKdwJJUP3sW:o4WKlgTPoxw2d79Xo+GJpKdaJUP3sW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

0cb671bd386873dffdfd82314dbfb356_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

95:fa:2a:c4:e4:b8:c8:08:c7:0b:a8:f8:7e:49:82:d5:bd:df:67:a3
Signer

Actual PE Digest

95:fa:2a:c4:e4:b8:c8:08:c7:0b:a8:f8:7e:49:82:d5:bd:df:67:a3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ