2feabbd5043ac29301d551946038ca01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2feabbd5043ac29301d551946038ca01_JaffaCakes118
Size

15KB
MD5

2feabbd5043ac29301d551946038ca01
SHA1

2286fe731d3b6142eb473f72cc9d50a9ee87f0a1
SHA256

adf3a2a691dd1d81c75f35ae65b53826035e5005891f3bccb2669812e8166395
SHA512

569ebdd68003cc31e788542f834f2cda6f5c6fdc1de2b1a5163de6bead4de9853f23663852a0e1f73238b9e75305250a17634f0275c99fd390c60b218bae0a2c
SSDEEP

384:rUNtu3b6PVP/dBblKftlf22IwC2+ekvRf1wKN3vtlCf3ytJo8:AvPKlA+z+eiR/JFp88

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2feabbd5043ac29301d551946038ca01_JaffaCakes118
unpack001/out.upx

Files

2feabbd5043ac29301d551946038ca01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE