JaffaCakes118_ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5

General

Target

JaffaCakes118_ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5
Size

605KB
MD5

2d253c3f432ac3405c63058b797e3205
SHA1

842c7e31427fc73e162315f28ded970b375aa7fb
SHA256

ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5
SHA512

5bc31de8206752f2a9615c788a3346c2158e51a4ca89e3f6f1eb9c9a7e70fe56d879dd4f972de32fa818d3e0d822e3e4c478fdaca6be65cdfc84dbe9b9ffba8e
SSDEEP

12288:Rfj9YE1ghV4Hd6LGjGSN3Q88wvFf/iyuXLUBb98pHLG5Q7K9f37:RfjyEaQCGaSNRJ/hyLUz85C5Q7K9f37

Score

5^/10

upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/INQ8593.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/INQ8593.exe
unpack002/out.upx

JaffaCakes118_ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5
.rar
INQ8593.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 872KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 337KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ