55a7e63203bafa9f9a3025028fd65dc5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55a7e63203bafa9f9a3025028fd65dc5_JaffaCakes118
Size

178KB
MD5

55a7e63203bafa9f9a3025028fd65dc5
SHA1

c04d2a5539f57b7a634a3401badd3e4fca0101e5
SHA256

c4cf9f00be10fa99838c29178410ed090a77e43c018dd5aa065a74dcc5d8a2a6
SHA512

90bde1c819cd73ea3f160a510106e62b191e40915b3b349dc0b779c6e4841ef0d5b67e56065ef7dd704bd39cff2516ac19c005da9c46fd41010a2bbe5cf9e6c2
SSDEEP

3072:zGwoF9URMPr0vQbn+5bRaGL8CW7ZPYgrX2kgQtMoBczUHcsZRDs8IbnD:zGwoFPA/Z9AD6kXtMYc8csPDs8If

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
55a7e63203bafa9f9a3025028fd65dc5_JaffaCakes118
unpack001/out.upx

Files

55a7e63203bafa9f9a3025028fd65dc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ