3f8d83fe3e5e997cdbee09966bcb313f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f8d83fe3e5e997cdbee09966bcb313f_JaffaCakes118
Size

765KB
MD5

3f8d83fe3e5e997cdbee09966bcb313f
SHA1

87e8c8c0429e2c53bb2f8566179b652ff4f6869b
SHA256

3ef0655a85059898ce110ed3e69846060f1d13df661a1b6849bdd57d7205e19c
SHA512

80bef3705bb7db8477c2f50ed45da7d8dbb4800fba2b1b3750c5841e27257e5f26350367c572709998557621827a4757f6364a06dd06d73308f09aa3f430c2c1
SSDEEP

12288:F0rlzhLLnOvVXPBIXXYWx7XsnyUPtF0Sd379+sswdKj9//k/rTcPcYYYgYYYYYYd:F09h3k1PJjnptqs9+sNdKj9//k//Ic

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3f8d83fe3e5e997cdbee09966bcb313f_JaffaCakes118
unpack001/out.upx

Files

3f8d83fe3e5e997cdbee09966bcb313f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 454KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ