44c50b8397dce1b848edba0754821d6c_JaffaCakes118 | Triage

Sharing

General

Target

44c50b8397dce1b848edba0754821d6c_JaffaCakes118
Size

489KB
MD5

44c50b8397dce1b848edba0754821d6c
SHA1

f10e0953f90392ebe3caeddb87c3f089ebd99f4b
SHA256

362793c6b3b8703ee7035586098d4912f87b3e66a453a8159e1a6db192c94293
SHA512

d7d079fbb05a06a26587d9c50ef0b0c8cfc1a5ed0418d4cbf3367d7f97e7df75b3560d1d0f62aee782b3f569684c6aadd24a0c01df17a50f15c743ed04625cb1
SSDEEP

6144:dopXuBviZ4VG1uDuBFaGwKp5qBqDjDFrk/nU/6Ba7jd/Vadob4w7/4EIQ/4wtnb4:d0+RiZMfILjfF8U/3jd/Vxb4ungwtbL8

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/HiAlbum.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HiAlbum.exe
unpack002/out.upx

Files

44c50b8397dce1b848edba0754821d6c_JaffaCakes118
.rar
HiAlbum.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 486KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 696KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ