3e8a7bc7c2fef499cf93d3aeed5b0e59_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e8a7bc7c2fef499cf93d3aeed5b0e59_JaffaCakes118
Size

72KB
MD5

3e8a7bc7c2fef499cf93d3aeed5b0e59
SHA1

607579402d0ab4b0685c0b38d405f86943759f01
SHA256

c5c5533474f0329c95d5ef69ced09d309362a7cbb27e91d5395890cddea06060
SHA512

9196f943d8ed74c5a0dcd5fffa7e741c45cb02a3c1406fa229c8fdec4e7fb7b676a50bb4620d1684b11249e43272fb2c6e96c6c77bdfac218ee59ff340101ca7
SSDEEP

1536:4sKXE7YQgohuGZ3IpYTwDXL2RR6LrMeQ24510gE4OeOiaFYrc:NjYQgYRZ3IYTwD72RMf9Q2S10gNOeT+F

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3e8a7bc7c2fef499cf93d3aeed5b0e59_JaffaCakes118
unpack001/out.upx

Files

3e8a7bc7c2fef499cf93d3aeed5b0e59_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Outt
Sett

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tldksods
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ