3ad2d689aae5b93e8980d64714dd1efa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ad2d689aae5b93e8980d64714dd1efa_JaffaCakes118
Size

170KB
MD5

3ad2d689aae5b93e8980d64714dd1efa
SHA1

b73a64ee0ccefdbc815ab16802310d72472a83fe
SHA256

0ed8e54377643a52306dcf1a986af54a54c8a92ed6f46336b687ca70592f0ed6
SHA512

5035e69c990686d13bd5ce2e157f772eff417c2dbb9872e8076e6e977f772d09480d71f3511efd2a74379a2a57b6a31e9ead46f6ac98aa6ba172664b8f4dea21
SSDEEP

3072:7ro4uVDL2kML0tU2Gaa1o31WynvV8rUQ6yVBfOWf50oRZSzkYmgkTRfN:ypMLhp67vVIUQ6AoWdAQYmZN1

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3ad2d689aae5b93e8980d64714dd1efa_JaffaCakes118
unpack001/out.upx

Files

3ad2d689aae5b93e8980d64714dd1efa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 440KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 588KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ