2fa05c2662d0bc93e6cef15eb6f797b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fa05c2662d0bc93e6cef15eb6f797b3_JaffaCakes118
Size

24KB
MD5

2fa05c2662d0bc93e6cef15eb6f797b3
SHA1

35fbae0bfee4a5c007dbc9ace1a1d7d73b8cdf09
SHA256

67f9c84be3eee1021f37acbcb6cae76a69f2538430d890903f5214d5b40ad2b2
SHA512

83795ab8d00bce2e36694950ee8ec98128c344ecbcd720583e12505e008dbbeabc0b4473addb4decbafcc28e3f2d627d8410f2273f601fda7da44099d6997852
SSDEEP

384:UMYYprRqofH4lJQxN4adkHRIKTaXcvaKv1rGdcbilG5VrWQwlOVj:Ux8rRRf4lJCNExLRMdcH5VTw

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2fa05c2662d0bc93e6cef15eb6f797b3_JaffaCakes118
unpack001/out.upx

Files

2fa05c2662d0bc93e6cef15eb6f797b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ