41aa76ebe8a666115602bffccc6b7de0_JaffaCakes118 | Triage

Sharing

General

Target

41aa76ebe8a666115602bffccc6b7de0_JaffaCakes118
Size

821KB
MD5

41aa76ebe8a666115602bffccc6b7de0
SHA1

9cb25a2e81b18218d4505055415ed2b2a08b8aa6
SHA256

8f4faa2ff341145c3d53a1f02063536a73559a2239f8c2a8581f86246419f266
SHA512

7bee3b1ede2d8971b2c0468f611a0935dff612f50e91b92186ab126bc430e1b71a105737458df0e5a692a640ed677cd1f27db8e2acb440b86aa6dded242874b5
SSDEEP

3072:iQdQSkqZZIsJFezK1IN1ku96rvGZFSllBA42z2Vv3z4tLovgWRMbFsM39xrITxu5:BTTIAFzqqi6rQiSm7NFO8cgT+5UC

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
41aa76ebe8a666115602bffccc6b7de0_JaffaCakes118
unpack001/out.upx

Files

41aa76ebe8a666115602bffccc6b7de0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 743KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 716KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ