13811225f74f81e0a05931e8a706ce08_JaffaCakes118 | Triage

Sharing

General

Target

13811225f74f81e0a05931e8a706ce08_JaffaCakes118
Size

291KB
MD5

13811225f74f81e0a05931e8a706ce08
SHA1

35823b129856c3baa1c82602a04d94f8742498ae
SHA256

f6b57a13065c629b9af2ec88676895bfe236cc84d412ff057f5838a5251435f9
SHA512

49ecc575957d85679a7a11946d2d18a71978dc9b0e6d949c7480503c4c20effd0d741ec4c5d7f4a5074e1610a58d3dd1a166ae0b093bfde672ed5d9c9540fe4e
SSDEEP

6144:G2A7IffSacH6sUyxV9ebGLOzz0OyRbXbHbYHLpW:7rs6HimGLOzz+bYLpW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ľͷ;/ľͷ;/ľͷ;.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ľͷ;/ľͷ;/ľͷ;.exe

Files

13811225f74f81e0a05931e8a706ce08_JaffaCakes118
.zip
ľͷ;/##ע##.txt
ľͷ;/77169.orgʹð˵.txt
ľͷ;/77169.org˵.htm
.html
ľͷ;/ľͷ;/##ע##.txt
ľͷ;/ľͷ;/77169.orgʹð˵.txt
ľͷ;/ľͷ;/77169.org˵.htm
.html
ľͷ;/ľͷ;/asp/zt.asp
.vbs
ľͷ;/ľͷ;/ľͷ;.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 278KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ľͷ;/ľͷ;/ĺڿͬ.url
ľͷ;/ĺڿͬ.url