3a46417c69016653d736e8db3ac3ae2a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a46417c69016653d736e8db3ac3ae2a_JaffaCakes118
Size

185KB
MD5

3a46417c69016653d736e8db3ac3ae2a
SHA1

e946f13e5aefb96946fad41bf01e92c8c892b9ca
SHA256

3cc7d05dce07603910e1b5e4546a9260d14a807fdaf009df31665272c09f7d1d
SHA512

c1b9f75c9b903d23e075b6be4aea0398579704a0138ce4c2b959f15497867aa9d1bb179a17f3d7d1c9634c9164041af2af99300c7e5b03575155e301613a52bd
SSDEEP

3072:lzSuPtfFy8Pe9J4cL6OtjjJOiF/1VTUQ7h4H0hB3p7wjy0UvvPa20bJvjouFUAiB:lz//PWJ4Mnp9TRmHKBZkj3UHC20bhoTc

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3a46417c69016653d736e8db3ac3ae2a_JaffaCakes118
unpack001/out.upx

Files

3a46417c69016653d736e8db3ac3ae2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 35.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 172KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_READ

.ndata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 35.3MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_MEM_READ