3aaa02e7adecb1cf40aebc8efa9462ca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3aaa02e7adecb1cf40aebc8efa9462ca_JaffaCakes118
Size

168KB
MD5

3aaa02e7adecb1cf40aebc8efa9462ca
SHA1

9a37c87f6b7a6f36af2b726a7b04512584fbb21c
SHA256

da1a5c2b2e7b05a0f8738db180e79d4d68aaae9af19e7cf5d71413ead6f060fb
SHA512

e33f9c9919ed38c561b1614f8378fe048eb3acbe212deed07ea8cf481ca57d5ffbe9c436fb22f31ea649177693f06ab083960eb6eccf2ee9d6338934a7e4e7ba
SSDEEP

3072:s2vTIyAjtVTNaPAm51VEa8vSDsgk5CbmaX+EtGXTuxo4YxI2ItM35A6SPaFiTV:rI1jPTNQ/Vl6SDJkigtux992ItMpAxi4

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3aaa02e7adecb1cf40aebc8efa9462ca_JaffaCakes118
unpack001/out.upx

Files

3aaa02e7adecb1cf40aebc8efa9462ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 485B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ