38c45c0d0b94f17a8b79914f1e13466a_JaffaCakes118 | Triage

Sharing

General

Target

38c45c0d0b94f17a8b79914f1e13466a_JaffaCakes118
Size

33KB
MD5

38c45c0d0b94f17a8b79914f1e13466a
SHA1

86027c696afc504a8d0ec4b8f9a70ccc41d5302e
SHA256

1ddc3e0f20af28b3b0cacca1c2de5fada8d67df12e92a9b2b9314f218b43d102
SHA512

331d084a29b14697d304265bb7ffdb181c7c008e6c93c9141d1e1a9730aab1329f3bf41a05c0a6ac3b1275501a6765e354c69d90956aa4b82a4e3d7aab7704ca
SSDEEP

384:qCFJ6xvBWCF+eARbepVI5I6uQ86K39DOLIG5pXaQPFtNat8adUJQbSW4df768QuR:qCFJ610eAJepVe/86K3VoFPYNG/X7M2

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
38c45c0d0b94f17a8b79914f1e13466a_JaffaCakes118
unpack001/out.upx

Files

38c45c0d0b94f17a8b79914f1e13466a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ