urelas | e407fc2f4e92e0dee930a774eaac9f65_JaffaCakes118 | Triage

Sharing

General

Target

e407fc2f4e92e0dee930a774eaac9f65_JaffaCakes118
Size

541KB
MD5

e407fc2f4e92e0dee930a774eaac9f65
SHA1

c70fb6cc0473c1f382a41f90bb0c0c1ab625e2f9
SHA256

f8a527a5ddb7d4c4dfd7b8b10bb106bf18fd1353a03788ef8d0b2042a28ba678
SHA512

6d313db5a59c03578621a2dd2a196586145de91e2ab5fc5ee6fb3c7c4cfb8cd8ec1fe29b4afa5ad04490798e5e76e2117b0ac4b20064bf57c4117e4fd7eb04c2
SSDEEP

12288:T52PxDgZo3ijnieactYDG7MzZSHJcvEj8dmoSxu8:92SLi70T7Mifj/

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e407fc2f4e92e0dee930a774eaac9f65_JaffaCakes118

Files

e407fc2f4e92e0dee930a774eaac9f65_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 200KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE