JaffaCakes118_5a214df6ff98abe072c84a54fd6b6a2e | Triage

Sharing

General

Target

JaffaCakes118_5a214df6ff98abe072c84a54fd6b6a2e
Size

167KB
MD5

5a214df6ff98abe072c84a54fd6b6a2e
SHA1

f32e7b4a432ff09a1ffb1dc85194425e48092720
SHA256

31166c12bf45a1fd90c19b0ffd75dccefc921ba3adf1db3377687c7cf594f9a0
SHA512

5af3ed2ff761504a2623d4e948c6b1d5d0b71cb05ae754056b1bc8a17c472a5691474000142599a211c0ce7693f9595d966855f885f975ab2e417c02e611107f
SSDEEP

3072:7/QVZG2YfLc0YfDsj6/uxGE5H3Ibm9sPpCIAIF86/WJhoPT1czphNt:7Bw0YAG/OG4JsxQIFFeDoL2zph

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5a214df6ff98abe072c84a54fd6b6a2e
unpack001/out.upx

Files

JaffaCakes118_5a214df6ff98abe072c84a54fd6b6a2e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ