JaffaCakes118_7b16c96c6421fab05683e4b57312c917 | Triage

Sharing

General

Target

JaffaCakes118_7b16c96c6421fab05683e4b57312c917
Size

604KB
MD5

7b16c96c6421fab05683e4b57312c917
SHA1

b85837b9e78cc5b697c57d5db956acda77a268c8
SHA256

07b84045dd80cc5ec164eb8cf80848e50421902a452336bef5e6de640e531cde
SHA512

085e22aaeaa90fcb1dce5766b35a01e63bd3352264d87e1f9e38f5003dcbcbab43ad12a7f1f7e335393116ea9fdea47b1f6d087368d48899c0a9bb2fad39d427
SSDEEP

6144:IlpNJa6Bz/v6RtOadKnAVExjV6QQ8KCI6ShkDHxI/SNyUFFFFFFFFFFFFFFFFFFi:+zItXkjV6QtKQShOHxI/ACtQ2l6w

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7b16c96c6421fab05683e4b57312c917
unpack001/out.upx

Files

JaffaCakes118_7b16c96c6421fab05683e4b57312c917
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 440KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 321KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ