5315d7ee86a83cb600bae81a44a03f20_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5315d7ee86a83cb600bae81a44a03f20_JaffaCakes118
Size

326KB
MD5

5315d7ee86a83cb600bae81a44a03f20
SHA1

2e93e41a2469f253ea06fe6d073a9f4a7f092a35
SHA256

7ae21e40c7d375d6b2e76c049416fbec2a3c203ac615f20dc7e328a293f4ae09
SHA512

5d163b2bc6e57ce51dc13bebe4e6051b29203a6f0df05c45c30b1a11804a5af3d4362ca887c4ac6602571a6c63bb81ff23de7fb73ade1837391ed986ecb7b2fb
SSDEEP

6144:CxwxVAW5JftTt8k9NBLcgvnCBLo8tCSPqEBYRdCFYQDNSWishiHSA0rwFJ:C6xVAWvVhrNBAg/CbttmzcY0SWiPHSAj

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5315d7ee86a83cb600bae81a44a03f20_JaffaCakes118
unpack001/out.upx

Files

5315d7ee86a83cb600bae81a44a03f20_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ