f49da0371e3b3bc3adfedbace3963fe3_JaffaCakes118 | Triage

Sharing

General

Target

f49da0371e3b3bc3adfedbace3963fe3_JaffaCakes118
Size

819KB
MD5

f49da0371e3b3bc3adfedbace3963fe3
SHA1

76455b51f4300cadcf4695f00f9ad914b8542af8
SHA256

883147c195cc8f7e79123197a9ecb14559abb6ac68792306357b485ad1ca276f
SHA512

f8bbfe3600aa4c7a06619c4332f314422049655a06b0f24a28d51b47d68a46e9cf9d72dbeb6f8794868d98ac1599be99999f4bb63cda7d43b19ac5bce952e2d5
SSDEEP

24576:34T5euUMwzjwS8OZmd8rseVeoKODY/Bmz:3AewuwS8O0d84eTryu

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

Processes:

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f49da0371e3b3bc3adfedbace3963fe3_JaffaCakes118

Files

f49da0371e3b3bc3adfedbace3963fe3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 369KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

img
Size: 426KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE