45b3ab10f93fd53276a6d7a7beddf014_JaffaCakes118 | Triage

Sharing

General

Target

45b3ab10f93fd53276a6d7a7beddf014_JaffaCakes118
Size

7KB
MD5

45b3ab10f93fd53276a6d7a7beddf014
SHA1

42715536a9419183045075140097d98470e7ed7f
SHA256

0a96a03fae4bfe371cccfb7c299583d94aa102b147a4521a907f0ba6cbc2589a
SHA512

2da5afbdac9caeccf3c9b559e6112a5daae551d9ad77b07831038d4b4a9864ee7ffdfd079d9f16bbcc3712f73cde2342e7172d86cf32ff640f10840dfce9e9fb
SSDEEP

96:voazp1pse8rcTdaQLjmdhRRCd5KOyr6COnfPdIqW3RKaKjjqq/Owi2dzglb0HMht:vPzp1iBwgoiwKOyUfPdIavGzlYHM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
45b3ab10f93fd53276a6d7a7beddf014_JaffaCakes118
unpack001/out.upx

Files

45b3ab10f93fd53276a6d7a7beddf014_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetPluginVersion
OnClick

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll .hta .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ