6c89df7d6d364c792599d4ff2499aeac_JaffaCakes118

General

Target

6c89df7d6d364c792599d4ff2499aeac_JaffaCakes118
Size

6KB
MD5

6c89df7d6d364c792599d4ff2499aeac
SHA1

39914836beedca727bf03391ca8fc080e50af7e8
SHA256

340740138a67feec6ae91493dcd3c29940ec245dce0717f58e9b2542ac37c094
SHA512

b77e23491633088da0a686b7dab2af9a7fd8a6335979d1f6cc2c34f7d48d7e64839d1fded0fbf8b9a35f6756a277178c39260c14a141572aeb4cc06d0789f066
SSDEEP

96:UfHPeJxt5s9ebyogWXpZxhqymU7gnbIEpHmWoXDFLXVthcJigcD:UfZewWthGUUnbIumXhLx9jD

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6c89df7d6d364c792599d4ff2499aeac_JaffaCakes118
unpack001/out.upx

Files

6c89df7d6d364c792599d4ff2499aeac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

lib_mysqludf_sys_info
lib_mysqludf_sys_info_deinit
lib_mysqludf_sys_info_init
sys_bineval
sys_bineval_deinit
sys_bineval_init
sys_eval
sys_eval_deinit
sys_eval_init
sys_exec
sys_exec_deinit
sys_exec_init
sys_get
sys_get_deinit
sys_get_init
sys_set
sys_set_deinit
sys_set_init

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 860B

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 512B - Virtual size: 410B

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 860B

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 512B - Virtual size: 410B