1014bb6f646cc72d9543db47e57603d8_JaffaCakes118

General

Target

1014bb6f646cc72d9543db47e57603d8_JaffaCakes118
Size

36KB
MD5

1014bb6f646cc72d9543db47e57603d8
SHA1

ab1229757c6befa36ac4c0b2b17d10398f12c290
SHA256

76063b4608fd3ebf15a39d82cf5aa26ca9dff36c2622fc17f4824a16855d1dac
SHA512

2c0a9d3e812563636c46f8be34802ff310362cbd995caffb54cef1bed1e4c03ce7cd67aae139d38eacca0ba8b2ebfac9088ea8ccdbcdfb78cfefac24ade3b982
SSDEEP

384:+cq/HDDl+boqUKafQfpx+dD2AWxQwwN7zRfzS1b9Tmr3KxRWR4WHiF:ZqbDJ75fQ+92AWxNw5g15TmraxU0

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1014bb6f646cc72d9543db47e57603d8_JaffaCakes118

Files

1014bb6f646cc72d9543db47e57603d8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Arecv
Asend
EnumProtocolsA
EnumProtocolsW
GetAddressByNameA
GetAddressByNameW
GetNameByTypeA
GetNameByTypeW
GetServiceA
GetServiceW
GetTypeByNameA
GetTypeByNameW
NPLoadNameSpaces
SetServiceA
SetServiceW
TransmitFile
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSAIsBlocking
WSARecvEx
WSASetBlockingHook
WSASetLastError
WSAStartup
WSAUnhookBlockingHook
WSHEnumProtocols
WsControl
__WSAFDIsSet
accept
bind
closesocket
closesockinfo
connect
dn_expand
gethostbyaddr
gethostbyname
gethostname
getnetbyname
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_network
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
rcmd
recv
recvfrom
rexec
rresvport
s_perror
select
send
sendto
sethostname
setsockopt
shutdown
socket

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 72KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 7KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 72KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 7KB - Virtual size: 8KB