27a6ad2239288195dd7d82ef3f20f410_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27a6ad2239288195dd7d82ef3f20f410_JaffaCakes118
Size

262KB
MD5

27a6ad2239288195dd7d82ef3f20f410
SHA1

76a8bdd1b9164c4f8e434f66c9dfaae88b9507ac
SHA256

7aa009b5ec6bfe9b3e834967a7f051db232d98f5dbd3cd46d05bff68de2dbd17
SHA512

1a9dc7dfc91b9e511f8744a0017960b367667d94740cbfbd27fecf48c3ef8a680dab6491654bebe6cb7a1a2a927eaa5a49ed9e7746d7321c080c0e6ed5f73da4
SSDEEP

3072:xebLY6JyxJ0/hKa5CvnoQc6QEk587pY3lx+ixVzbM5mg9dHXbR/pY71qhqr6lKGf:xeA64J0/oa51UbBY3mbQGlKlT/f+oS

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
27a6ad2239288195dd7d82ef3f20f410_JaffaCakes118
unpack001/out.upx

Files

27a6ad2239288195dd7d82ef3f20f410_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 222KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ