19fb9afb30fe88d256fdcb2467833578_JaffaCakes118 | Triage

Sharing

General

Target

19fb9afb30fe88d256fdcb2467833578_JaffaCakes118
Size

3.2MB
MD5

19fb9afb30fe88d256fdcb2467833578
SHA1

438d3369da71184c31b226f5bf090c8954592ff2
SHA256

41e8a5c7267018eeff24f122ff2227e7b7ed2e3dc22338745df631d524502c13
SHA512

afa881d3600598f87ca6c34f809afe2107e55791dcbf1b59a7e4fa2be093a40423729d7f5a04e1db6748f45c7c5024d9421762996fd9d31edef915032f58d3a0
SSDEEP

24576:oFE//Tct4bOs8JVAzWT3G82PQlIYzuJBCWDlWwy018klgFaVSNucktoZAmK+vo11:aSVn

Score

7^/10

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.

Processes:

resource yara_rule

static1/unpack001/out.upx autoit_exe
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.

Processes:

resource

19fb9afb30fe88d256fdcb2467833578_JaffaCakes118
unpack001/out.upx

Files

19fb9afb30fe88d256fdcb2467833578_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ