409f880fa2ba2788db203d71c80c1739_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409f880fa2ba2788db203d71c80c1739_JaffaCakes118
Size

164KB
MD5

409f880fa2ba2788db203d71c80c1739
SHA1

d6f379b937fbd1f08e06060f0a29961372215df4
SHA256

bb1df9778e9fac516808fc7c7145e886b2fb6b238c093d0359de2d64d6d0caa9
SHA512

9e0d65617fe754ef4ceff32668ca5896d1e0610605b03ef0aedc3259217dc365ee29bfc9d9328b935eab102fe01ddeba9c3ad4b17e5fb610c3375516a69c10c5
SSDEEP

3072:NzvDchsOaqG4pM70v0Tl/6S02zaiChurNVYDu4rr510DMX2XLjaBnyucbZqyjm7:Faraxr7O0TJ6szaiAurLYDuY3dX2bGnU

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
409f880fa2ba2788db203d71c80c1739_JaffaCakes118
unpack001/out.upx

Files

409f880fa2ba2788db203d71c80c1739_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size: