365d27c1c1a07ea3a1081f1640dac3c1_JaffaCakes118

General

Target

365d27c1c1a07ea3a1081f1640dac3c1_JaffaCakes118
Size

94KB
MD5

365d27c1c1a07ea3a1081f1640dac3c1
SHA1

04c9040250c6b92b0df17888e4dae0c6c6d9bda1
SHA256

afcbae2e44cf0e38838795f4ce226dd2d55f9e4927af36914cd6e747d15fa039
SHA512

b0d941c5da899bafcb74f5044aca193ff13c75cac4e158bc4c4b9f2c758ab2b91d6ffb56bc0d0e864eedb94094cb503eebedaa8464e209b54f45962feed03e5c
SSDEEP

1536:4S+wFN+uFLd5hZ2RCkKDIqkvu6z+KrCLx9slxCuHycupmCGeqgfKNGiu:GSN+ur5nMKMqkv7z+KrCl9s7jbufrqBu

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
365d27c1c1a07ea3a1081f1640dac3c1_JaffaCakes118
unpack001/out.upx

Files

365d27c1c1a07ea3a1081f1640dac3c1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 160KB

UPX1 Size: 89KB - Virtual size: 92KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 184KB - Virtual size: 183KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 163B

.reloc Size: 12KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 160KB

UPX1
Size: 89KB - Virtual size: 92KB

.rsrc
Size: 3KB - Virtual size: 4KB

CODE
Size: 184KB - Virtual size: 183KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 163B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 8KB