109e4393d117a45ae2d24ba2ad4e7099_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

109e4393d117a45ae2d24ba2ad4e7099_JaffaCakes118
Size

368KB
MD5

109e4393d117a45ae2d24ba2ad4e7099
SHA1

de11826d25f50df4033f7c778f28149ce4a3391c
SHA256

19a2595174a435efafd406dc8fbf9bddad0e8dbc2df937fa66f93799a2d7614a
SHA512

7b5646db9455aacb9d359ed2f1577e91770c5665eec5b38242792175a12a42fed22a898a79bc95fdf4bdc9d79f56695e4b347a43ee43f84ccfd93d4d652379c6
SSDEEP

6144:3z4gYpubNc6HCSGCL1TFX2n+duS0Hv8mbnt32QPPocc6QhjuVCZ8HNb/FFi0Y:3zCpub+3tn0Xa52G7SNZqb7i0Y

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
109e4393d117a45ae2d24ba2ad4e7099_JaffaCakes118
unpack001/out.upx

Files

109e4393d117a45ae2d24ba2ad4e7099_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ