234ec5fd68cd2fc80c2927c4e5b16862_JaffaCakes118 | Triage

Sharing

General

Target

234ec5fd68cd2fc80c2927c4e5b16862_JaffaCakes118
Size

153KB
MD5

234ec5fd68cd2fc80c2927c4e5b16862
SHA1

863affe6694278557d5d1797b949ebdfff5dd375
SHA256

d6b2eae2b185d2df5a6b9fa584922bf492b3b4ef55068c18fe440c371f3afae1
SHA512

b9fe4156e59ceefbfdf9d09088257fff43cf2caab197efe5687fc12a5c8efbbcc57619ef12d377e47207d0762e5bd5196d2e210d190e98e6c4ae2d5f0fae1d25
SSDEEP

3072:DXkL9Q/41qA6hg8QIWcQ10SjOq1OXp3TCRthTc7RzeAyddL7le3MRWD:TkL9XqLhhF1GOqU53W16zezHMM

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
234ec5fd68cd2fc80c2927c4e5b16862_JaffaCakes118
unpack001/out.upx

Files

234ec5fd68cd2fc80c2927c4e5b16862_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ