3d726a9cc6c945eb4ed35ce36bcaf0d0_JaffaCakes118

General

Target

3d726a9cc6c945eb4ed35ce36bcaf0d0_JaffaCakes118
Size

103KB
MD5

3d726a9cc6c945eb4ed35ce36bcaf0d0
SHA1

2055ea6e3db80102b0578b1254d7265e5730e5c3
SHA256

1baf8156ad791a1544d34d7bb6e056bfc597fc35249ed1c961320b894270c9d1
SHA512

268d653f89676e492e462d08c3a1bc1fa75f1a5a8fdd48920da6e4e59401fea3e185398c949abc080655726fb7e3aa8dddd9a71cd4a6e26a6fa48f40c6b7bdb6
SSDEEP

1536:oXojFHZQn7wCXasRZMy9C50rmLOhwzDcLdnazHSUCPVpPD4RW/InLG:oX04wCX1R+SCKrmQFdnajVAdURW/Ia

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3d726a9cc6c945eb4ed35ce36bcaf0d0_JaffaCakes118
unpack001/out.upx

Files

3d726a9cc6c945eb4ed35ce36bcaf0d0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?BLP2DECODE_ARGBtoRGBA@@YA_NPAEK@Z
?BLP2DECODE_BLP2BUFtoRGBA@@YAPAEPAEKKPAK11PAUblp2header@@@Z
?BLP2DECODE_BLP2BUFtoTGA@@YA_NPAEKPADKPAK@Z
?BLP2DECODE_BLP2FILEtoRGBA@@YAPAEPADKPAK11PAUblp2header@@@Z
?BLP2DECODE_BLP2FILEtoTGA@@YA_NPAD0K@Z
?BLP2DECODE_BLP2toRGBA@@YAPAEPAUblp2header@@PAEKPAKQAUrgba@@KK@Z
?BLP2DECODE_FreeAll@@YAXXZ
?BLP2DECODE_FreeBuffer@@YAXXZ
?BLP2DECODE_FreeData@@YAXXZ
?BLP2DECODE_FreeErrorStr@@YAXXZ
?BLP2DECODE_GetLastError@@YAKXZ
?BLP2DECODE_GetLastErrorStr@@YAXPAD@Z
?BLP2DECODE_RGBAtoARGB@@YA_NPAEK@Z
?BLP2DECODE_RGBAtoBLP2BUF@@YAPAEPAEKKKPAKH@Z
?BLP2DECODE_RGBAtoBLP2FILE@@YA_NPAEKKKPADH@Z
?BLP2DECODE_TGAtoBLP2BUF@@YAPAEPADPAKH@Z
?BLP2DECODE_TGAtoBLP2FILE@@YA_NPAD0H@Z

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 252KB

UPX1 Size: 100KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 120KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 16KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 252KB

UPX1
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 120KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 16KB - Virtual size: 12KB