5375ed9539a83132fc7282fdb42222b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5375ed9539a83132fc7282fdb42222b3_JaffaCakes118
Size

736KB
MD5

5375ed9539a83132fc7282fdb42222b3
SHA1

9c0ecc84655b80b4e59fd78b680bf44248b55a6b
SHA256

a500789320b9bb7c7a4f84bd89190b2420f245e3e160113744b3d52cbe811852
SHA512

283db0a7c674975b9d220501d62bbc21c6f8484c404ee23b1b7c9f01ce39e5b08e947d562709fb6afc52b7f8eae5247045f2db2159804ec755a44a600dde7d76
SSDEEP

12288:g24Xu8Hwpy+a+ehgyAF1h7xxUDIIQ0HHZJMrz2pkKdDvv0Fv+3UCYrdN1/0T+QFN:4e8u6l3M7xuDI1UEPUTv0FEUNdNpaFZP

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5375ed9539a83132fc7282fdb42222b3_JaffaCakes118
unpack001/out.upx

Files

5375ed9539a83132fc7282fdb42222b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ