59cefc8c6b4203ea91c67630f117550f_JaffaCakes118

General

Target

59cefc8c6b4203ea91c67630f117550f_JaffaCakes118
Size

222KB
MD5

59cefc8c6b4203ea91c67630f117550f
SHA1

3492f08cef32f6e307ec16725b849008136c08a8
SHA256

d08303a00b8dfbc2478b4973df3b4a913c60e8afcc52326220e426e1bf84579b
SHA512

fceccd4dd072ef5d290353a566093bb229ff956ff2667a3e4f95fd79c7d03313b2819124a0012396d0a1d23de03b4c032020201fdef6a88808778380545c1ff1
SSDEEP

6144:EUWQlp4vcx3ytLTbFqeBj/UzVaRSrJjRD0/ptQ5/v27DV:E7Qlpc9TbFpj/mVaAJVA/pK/e7D

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
59cefc8c6b4203ea91c67630f117550f_JaffaCakes118
unpack001/out.upx

Files

59cefc8c6b4203ea91c67630f117550f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 364KB

UPX1 Size: 215KB - Virtual size: 216KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 443KB - Virtual size: 442KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 12KB

.idata Size: 11KB - Virtual size: 11KB

.edata Size: 512B - Virtual size: 77B

.reloc Size: 29KB - Virtual size: 28KB

.rsrc Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 364KB

UPX1
Size: 215KB - Virtual size: 216KB

.rsrc
Size: 3KB - Virtual size: 4KB

CODE
Size: 443KB - Virtual size: 442KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 11KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 77B

.reloc
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 21KB - Virtual size: 21KB