084d97a7369b9959f87981f597b90f2a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

084d97a7369b9959f87981f597b90f2a_JaffaCakes118
Size

94KB
MD5

084d97a7369b9959f87981f597b90f2a
SHA1

d05663d4fadeb4afcac830e1c388f4a74e237b62
SHA256

c0cf715c87c4c72ac36cbfc7fe993154fdb77e09513cc4daf71b52588ca348dc
SHA512

ad692ad60096258a74be2c83f192724cb497209e575fbe77e30a0fe63eba0ab7a1d6d79a4b4badb66260e06164b74cf145ce29f9cd438b39136b6deb3b9b1d9a
SSDEEP

1536:1br5y7NJ3FnToIfItdjxsHEF7pcpM57H7SvtyIpz6tQEsvw+dY48:dr5y7NJ3tTBfqTsCUM5ivtyIpzi9Yd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
084d97a7369b9959f87981f597b90f2a_JaffaCakes118

Files

084d97a7369b9959f87981f597b90f2a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Install
RundllInstall
RundllUninstall
ServiceMain

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

asdf0
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ