0a1a00c825eeab62d524d83520515d53_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a1a00c825eeab62d524d83520515d53_JaffaCakes118
Size

351KB
MD5

0a1a00c825eeab62d524d83520515d53
SHA1

c17bd5677c21e939c2af723aa9f8254cecbb9fd9
SHA256

ea79b49796ae908aae191b49ce81a38f669c664b5b57c8f53e4b2b1016fb6dbb
SHA512

88845161d84bb306e775d2d2eb08776733efd8c3a438d4d788c4da853a6d0ce360c206185a17db898775dc41f3d32768159be4d507ce0e9cda3fe075171ee52f
SSDEEP

3072:vjr5ELbGnzi+aoJjr5ELbGnzi+ao/ptWpxyng+E2+YcJBX8XrLxUW6kZljK4os1O:BhXaKhXaAt9rE7MXyW6kAs1IZoF5d2

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a1a00c825eeab62d524d83520515d53_JaffaCakes118

Files

0a1a00c825eeab62d524d83520515d53_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE