522dcfc68c531a38e1478485baaf2a66_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

522dcfc68c531a38e1478485baaf2a66_JaffaCakes118
Size

122KB
MD5

522dcfc68c531a38e1478485baaf2a66
SHA1

b7cb11d8a2777e0cf159462038325cd8b0c1cafb
SHA256

7d0b405779577d06612368f82fc5624e714a1260a1242f4cbe1ceb775d0159b6
SHA512

a6fca2429884e3bc5fb1bbdccd052b04343726f98617bd451ddf2c4ff230a85cf851b8379a9a5722102fa3dd01b7a1efb6daf5dd8a4c1ec48e6dc697297ed965
SSDEEP

3072:jNq0KqiwQU1TPbmXWA67ndvM5FyokjA8a40+F3SYxWSR:0K1x1bCXWDv4FkaIrg

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
522dcfc68c531a38e1478485baaf2a66_JaffaCakes118
unpack001/out.upx

Files

522dcfc68c531a38e1478485baaf2a66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ