305c194730d67d4701caf2df88e84cba_JaffaCakes118

General

Target

305c194730d67d4701caf2df88e84cba_JaffaCakes118
Size

459KB
MD5

305c194730d67d4701caf2df88e84cba
SHA1

dd0b2f1e2c817d46aaf9937f3f0cdec09146210c
SHA256

7e7640510bf9c8444cb283098658a0e5a0c4027d1a17ac9298257baca0712159
SHA512

bac37ccc564992c3c2e82ff3345b2988d79ffe44dc5b9edce3b248e6c8729dc5f740fa65ca5c75335e3b1667e36c09cacc467ca2b1554d0c49194ea0c4379639
SSDEEP

12288:uxm/cAUZPvp0Y35yjJQoS92HbZzdZuYuN:B0AUdvyYSQoSUHFz/U

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
305c194730d67d4701caf2df88e84cba_JaffaCakes118
unpack001/out.upx

Files

305c194730d67d4701caf2df88e84cba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CTPImage@@QAE@ABV0@@Z
??0CTPImage@@QAE@XZ
??1CTPImage@@UAE@XZ
??4CPixel@@QAEAAU0@ABU0@@Z
??4CTPImage@@QAEAAV0@ABV0@@Z
??8CPixel@@QAEHU0@@Z
??9CPixel@@QAEHU0@@Z
??GCPixel@@QAEHU0@@Z
??YCPixel@@QAEXH@Z
??ZCPixel@@QAEXH@Z
??_7CTPImage@@6B@
?BuildGrayChannel@CTPImage@@QAEKXZ
?ChannelFrom@CTPImage@@QAEHPAVCTPChannel@@H@Z
?ComputeLaplasToAlpha@CTPImage@@QAEXXZ
?Create@CTPImage@@QAEJII@Z
?CreateNewInstance@CTPImage@@SAPAV1@XZ
?DuplicateFrom@CTPImage@@QAEHPAV1@@Z
?Free@CTPImage@@QAEXXZ
?GetAreaByteSize@CTPImage@@QAEIXZ
?GetAveragePixel@CTPImage@@QAE?AUCPixel@@XZ
?GetBuffer@CTPImage@@QAEPAUCPixel@@HH@Z
?GetGray2@CPixel@@QAEEXZ
?GetGray@CPixel@@QAEEXZ
?GetPixel2@CTPImage@@QAE?AUCPixel@@HH@Z
?GetPixel@CTPImage@@QAEKHH@Z
?GetSafePixel@CTPImage@@QAE?AUCPixel@@HH@Z
?GetSize@CTPImage@@QAEXAAI0@Z
?LoadFromFile@CTPImage@@QAEJPAD@Z
?PutPixel@CTPImage@@QAEXHHUCPixel@@@Z
?SaveToFile@CTPImage@@QAEJPAD@Z

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 84KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 40KB - Virtual size: 42KB

.rsrc Size: 24KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 84KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 40KB - Virtual size: 42KB

.rsrc
Size: 24KB - Virtual size: 21KB