JaffaCakes118_a5e0a7385a395af2f768f9060b67b512 | Triage

Sharing

General

Target

JaffaCakes118_a5e0a7385a395af2f768f9060b67b512
Size

769KB
MD5

a5e0a7385a395af2f768f9060b67b512
SHA1

e490b9d23a735bf8c90d3784f7e8bdff90942a08
SHA256

e15f201d7561a7425144dd03e690af50ab3d3c66a3a24b6005e5c04d825d1fad
SHA512

4ee2834f11ed751c1dd30bd26296d2ba7d861d59134890160a9a41616468f81a56ab914cc33e83062ecda28cf05b6e399a486ec12998d10ab85b28d03be1ec4a
SSDEEP

12288:wJW1t+7yEtrwv3QsET+m9Eq0iIWkZ4TgD7fpLl3buoY9Z/NwJWOzwPfhwXIDF+Bt:t1tqcv3QDT+eaWisW75R+bwJrw3hDDEt

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a5e0a7385a395af2f768f9060b67b512
unpack001/out.upx

Files

JaffaCakes118_a5e0a7385a395af2f768f9060b67b512
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 753KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ