23af25f579a1c18c87e34c6372e84a26_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23af25f579a1c18c87e34c6372e84a26_JaffaCakes118
Size

26KB
MD5

23af25f579a1c18c87e34c6372e84a26
SHA1

97eb958ee55d845dd517e6c9af530d2bbde96e2f
SHA256

2e2ce25a6c3b60ad88857b977940632503029889fb9968f5630afb250d0e1f66
SHA512

03596e0b7f8770a749e85cd60cd735f0c802f53d8712b0007ad38cdfbc39124f16165f4a1484500c17f2d6431a95592e29634419da7ab133c979e76c8c862518
SSDEEP

384:WOmsTUJflpiPmYu7kUHPkGOS3muWOJirLQc9Qxi2QSav:1nU9piwFMWjWOJirL99J2QSS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23af25f579a1c18c87e34c6372e84a26_JaffaCakes118

Files

23af25f579a1c18c87e34c6372e84a26_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Activate
DllCanUnloadNow
DllGetClassObject
HookProc
Logoff
Logon
Start

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ