151cc6e0d37af27e222dd626cc4aa293_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

151cc6e0d37af27e222dd626cc4aa293_JaffaCakes118
Size

355KB
MD5

151cc6e0d37af27e222dd626cc4aa293
SHA1

197ec7dd66e70448d474a55ee62e4dd5a4b57b67
SHA256

a84f434e6741713226209c0556e6e538b5be035bebccb634076cc4268e1661a0
SHA512

28b93da367006403acbb54a823cb5691486339226bea78ef4d270b280caa164f0005cf5291edd1c169ca84e8c6bb4ec09893af01a9309bef4c3f39a0bdb88319
SSDEEP

6144:sXQqbgdmHKK4a2av2H4kQ5S4u53ijX8noV4dxrruwsbBmvn5o/tj0yhV97StSTp0:iZPHt4a5vWDQQ4u5yjmU4dxOwYqoR7f

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
151cc6e0d37af27e222dd626cc4aa293_JaffaCakes118
unpack001/out.upx

Files

151cc6e0d37af27e222dd626cc4aa293_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 354KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE