23bd0158ed2765ae051f450f8b3d890a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23bd0158ed2765ae051f450f8b3d890a_JaffaCakes118
Size

270KB
MD5

23bd0158ed2765ae051f450f8b3d890a
SHA1

4e54f80deebbd18275c6addc193cec42c9d33c1f
SHA256

13df1abf2cdf24483be61f764bfdb410d0903ec400989b2e52e702b6cd4c17e1
SHA512

d46cf89ffec253726f8143cb25df5bc2f576fd7c38d0819efa6cc3ad487a9527ea377f5c8293fca4920f5d23a4ce3b2a24f1e685d052b2cc5a8ec1fd302a765e
SSDEEP

6144:v9itT6pnpHs54XQsc1JcSuzR2UW4lR34QbC9ZKXjvTNfG:lit6pls52QcPRlR34p9MXjbN+

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
23bd0158ed2765ae051f450f8b3d890a_JaffaCakes118
unpack001/out.upx

Files

23bd0158ed2765ae051f450f8b3d890a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

lib_About
lib_AddSignerSignedData
lib_Base64
lib_CacheINIpluginData
lib_CertRequest
lib_CertRequest2
lib_CertUpdate
lib_CertUpdate2
lib_ChangePIN
lib_CheckBrowser
lib_CheckCRL
lib_CheckVID
lib_ClearCachedData
lib_ConvertTaxData
lib_Decrypt
lib_Decrypt2
lib_DecryptFile
lib_DecryptW
lib_DecryptWithGunzip
lib_DecryptWithPassword
lib_DelTadData2Clt
lib_DelTaxData2Clt
lib_DeleteUserCert
lib_DisableInvalidCert
lib_DownloadEncryptFile
lib_DownloadFile
lib_DownloadencryptFile2
lib_E2EInit
lib_E2ESetKey
lib_EnableCheckCRL
lib_Encrypt
lib_EncryptFile
lib_EncryptWithKey
lib_EncryptWithPassword
lib_EncryptWithSKInfo
lib_EndCacheProcess
lib_ExportPKCS12
lib_ExtendMethod
lib_ExternalLogin
lib_FilterCert
lib_FilterUserCert
lib_FilterUserCert2
lib_Free
lib_GetCachedCert
lib_GetCachedData
lib_GetCertCount
lib_GetCertFromSignedData
lib_GetClientCert
lib_GetClientP12Key
lib_GetLastError
lib_GetPINRetryCount
lib_GetProperty
lib_GetServerTime
lib_GetSessionKey
lib_GetStorageSerial
lib_GetVersion
lib_GetXLSFile
lib_GunzipAndDecryptWithPassword
lib_GzipAndEncryptWithPassword
lib_Hash
lib_INICheckVID
lib_INIFileSign
lib_INISignData
lib_ImportPKCS12
lib_IniSign
lib_IniSign2
lib_IniSign3
lib_InitCache
lib_InitCache2
lib_InsertCACert
lib_InsertCertToMS
lib_InsertUserCert
lib_InsertUserCert2
lib_IsCachedCert
lib_IsCheckCard
lib_LoadCACert
lib_LoadCert
lib_LoadPFX
lib_MakeContractDataVerify
lib_MakeFileData
lib_MakeINIpluginData
lib_MakeINIpluginData2
lib_MakeINIpluginDataW
lib_MakePKCS7EnvelopedData
lib_MakePKCS7TaxData
lib_MakeSessionKeyInfo
lib_MakeSignedData
lib_MakeTSReq
lib_MakeTadData
lib_MakeTaxData
lib_MakeTaxDataVerify
lib_ManageCert
lib_ManageCert2
lib_ManagePkcs7TaxData
lib_ManageTax
lib_NeonCertUpdate
lib_NeonCertUpdate2
lib_PKCS7SignData
lib_PKCS7SignFile
lib_ReSession
lib_SavePKCS7Tax
lib_SavePkcs7TaxData
lib_SaveTadData
lib_SaveTadData2Clt
lib_SaveTaxData
lib_SaveTaxData2Clt
lib_SelectClientCert
lib_SelectFile
lib_SelectSignXML
lib_SelectVerifyXML
lib_SetCacheTime
lib_SetCachedData
lib_SetClientCert
lib_SetClientCertKey
lib_SetLogoPath
lib_SetProperty
lib_SetTVBanking
lib_SetVCSUrl
lib_SetVerifyNegoTime
lib_Sign
lib_SignBinary
lib_SignFile
lib_SignTaxDataVerify
lib_SignVerify
lib_SignVerifyBinary
lib_SignXML
lib_SignXML2
lib_URLDecode
lib_URLEncode
lib_UploadEncryptFile
lib_VData
lib_VerifyPIN
lib_VerifySignedData
lib_VerifySignedData2
lib_VerifySignedDataEx
lib_ViewCert
lib_ViewTaxInfo
lib_WriteXLSFileEx
lib_getSharedAttribute
lib_setSharedAttribute
lib_xFlashGetAllCertHeader
lib_xFlashGetCertDetail
lib_xFlashGetCertHeader
lib_xFlashGetCertListCount
lib_xFlashGetDeviceList
lib_xFlashMakeINIpluginData
lib_xFlashRemoveDeviceCert
lib_xFlashSetCertKeys
lib_xGetClientCert
lib_xGetRData
lib_xSign

Sections

UPX0
Size: - Virtual size: 608KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 624KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 608KB

UPX1 Size: 257KB - Virtual size: 260KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 624KB - Virtual size: 620KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 48KB - Virtual size: 44KB

.reloc Size: 32KB - Virtual size: 30KB

UPX0
Size: - Virtual size: 608KB

UPX1
Size: 257KB - Virtual size: 260KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 624KB - Virtual size: 620KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 48KB - Virtual size: 44KB

.reloc
Size: 32KB - Virtual size: 30KB