24a3066ec4b0fbe346f6fe2cbabe9ec2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24a3066ec4b0fbe346f6fe2cbabe9ec2_JaffaCakes118
Size

237KB
MD5

24a3066ec4b0fbe346f6fe2cbabe9ec2
SHA1

71142a28483909b7dd2ee867431755d34749307a
SHA256

ed28843c5a170d758f5a33bcee8841ebbd6df0dea02676fd35586976f57a02ea
SHA512

1fc9e773d5c65c69fbf37bc632e02b953ecaac2340b2f0c8c22a3ded975a4131066dc7f1c9d2bfd0e8c9f9e0914aafd955cf0a98de52b6e8c420c331a6eeb8d2
SSDEEP

6144:5rxUTYgVldkxQv680oSZDqn5ALmM+hHtQjSEZ53:5dFM4xQvooSZDFLJ+3Y3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24a3066ec4b0fbe346f6fe2cbabe9ec2_JaffaCakes118

Files

24a3066ec4b0fbe346f6fe2cbabe9ec2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BIBGetGetProcAddress
BIBGetVersion
BIBInitialize
BIBInitialize2
BIBInitialize3
BIBInitialize4
BIBLockSmithAssertNoLocksImpl
BIBLockSmithDeleteImpl
BIBLockSmithLockImpl
BIBLockSmithUnlockImpl
BIBTerminate

Sections

UPX0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE