41340e45c418cc575c4f5f2b4f8b7720_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41340e45c418cc575c4f5f2b4f8b7720_JaffaCakes118
Size

36KB
MD5

41340e45c418cc575c4f5f2b4f8b7720
SHA1

0c364b88970a8b27492414b440a4f1eddc94e90d
SHA256

de36b141997c88f3c72134ca9f580745d9aa27d295ab3732f4b1ea5101e1e4f4
SHA512

6fa54638ac18e3e0adb9349cc7b551f40d86e61a93a5b54f2bcc4bf98e74e920bcdc4b13f5ca03daaba2baf8cd151ee89bca1a11a3ee8d939275660385e66abf
SSDEEP

768:wEzuSRy9CS7mWJNIqyyr1l91tokb2etYsIfsN0Z/q4zgNvN2w7f:wEipN7mWDIqpzXtow2etYzePnNvN2w7

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
41340e45c418cc575c4f5f2b4f8b7720_JaffaCakes118
unpack001/out.upx

Files

41340e45c418cc575c4f5f2b4f8b7720_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ