0b63bf2c5305340ddbd4b46a2c50980e_JaffaCakes118 | Triage

Sharing

General

Target

0b63bf2c5305340ddbd4b46a2c50980e_JaffaCakes118
Size

36KB
MD5

0b63bf2c5305340ddbd4b46a2c50980e
SHA1

c478c1b62c06547a2d83ad88c14712d34aa81092
SHA256

b88a9d8c8ec7bc3f4736b38ed05a3c9a9b7e12b5ad1a46d274a1970cefb33953
SHA512

57cdd2db4ee5a43167d1e2ad90da919ef21a4077189092b9590b1e5151cd9c748381e81a2a75e50b2c65090637a62af6d1bd4c41bc247c628b2e2dc3fec5bef5
SSDEEP

768:klCTthW3oQOJLlO4DCChLSUa5ZPaz6kCel205ZXM9OfQRBYNmynMf8:klKOJO/ynJ5Uz6+l2051M9FWM

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0b63bf2c5305340ddbd4b46a2c50980e_JaffaCakes118
unpack001/out.upx

Files

0b63bf2c5305340ddbd4b46a2c50980e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE