17b9895aa68f788a91d87dd8ff954ec5_JaffaCakes118

General

Target

17b9895aa68f788a91d87dd8ff954ec5_JaffaCakes118
Size

30KB
MD5

17b9895aa68f788a91d87dd8ff954ec5
SHA1

ed2dc39dca1889a817784d37cdeb482d31cdc069
SHA256

e0b569c4b4efe3bed72dd3ca12c49694f2e22d04160f2a83944f4a3cde26471d
SHA512

334743af5e5e3bd0f6a7d5289113d86540d0bcfc48df6f5be0db55f8f2fc43db9c89f5fa61a112a133bded6c74ad63c917b1063f22b078ec61410bec0a847fff
SSDEEP

768:1137PJwCPE2imkkdPxHyPLRqFvS4upBtuzCwI:PtlPE3kdPAjEFK4uQ1I

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
17b9895aa68f788a91d87dd8ff954ec5_JaffaCakes118
unpack001/out.upx

Files

17b9895aa68f788a91d87dd8ff954ec5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AcceptEx
EnumProtocolsA
EnumProtocolsW
GetAcceptExSockaddrs
GetAddressByNameA
GetAddressByNameW
GetNameByTypeA
GetNameByTypeW
GetServiceA
GetServiceW
GetTypeByNameA
GetTypeByNameW
MigrateWinsockConfiguration
NPLoadNameSpaces
SetServiceA
SetServiceW
TransmitFile
WEP
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSAIsBlocking
WSARecvEx
WSASetBlockingHook
WSASetLastError
WSAStartup
WSAUnhookBlockingHook
WSApSetPostRoutine
__WSAFDIsSet
accept
bind
closesocket
connect
dn_expand
gethostbyaddr
gethostbyname
gethostname
getnetbyname
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_network
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
rcmd
recv
recvfrom
rexec
rresvport
s_perror
select
send
sendto
sethostname
setsockopt
shutdown
socket

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 21KB - Virtual size: 24KB

UPX2 Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 21KB - Virtual size: 24KB

UPX2
Size: 8KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB