26257a36440151c432cb0b96dadc443b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26257a36440151c432cb0b96dadc443b_JaffaCakes118
Size

631KB
MD5

26257a36440151c432cb0b96dadc443b
SHA1

433b9164c7968ae187b4e92f52889954c6a96bac
SHA256

a4ec31fa6701f466f7796cd26f1d61c447e920e29f229713a2762c6948d3b012
SHA512

ea242833bd0acb94d442052e500acaa6f4bf40921b9392b0ea24a024f491380a474cea468cf0b59840f0ceaf2f9704f0edb63dae2e5d9e1401716cb714dcaf1a
SSDEEP

12288:DEnWT67w1o3o/YrOM6Oka3PpX3gSjmoHdPJIotbY16FCZ2cAdGRO1FYw6cZ6nu:DEnghMq8P9VJZNtbwmcYGxtcZn

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
26257a36440151c432cb0b96dadc443b_JaffaCakes118
unpack001/out.upx

Files

26257a36440151c432cb0b96dadc443b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 644KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ