75d5c81ec8116d92b439af2959e2fd94_JaffaCakes118 | Triage

Sharing

General

Target

75d5c81ec8116d92b439af2959e2fd94_JaffaCakes118
Size

173KB
MD5

75d5c81ec8116d92b439af2959e2fd94
SHA1

01de439f71163c899268a6ba8337b33d1f3af3ab
SHA256

ec19861c28d89ef7fad8bc98e4faff13194281a4889219e8b3fc4cd0dc5118a5
SHA512

05f1cb196180c084f26bb63ee85a714187a5f58a0812ac59e4646977e9ee2742e86314a88a60cbf6f96dbcd7964216c2ced52b9eef1c2b1b29d307e7d1827be3
SSDEEP

3072:FyKLnFWX3S70aqxUnYM1rtCEmjGZa8IB9n7N8zfQD64ZmNOq5K/in0aaczXi:FnFWnR5QDrCZ8IBlizfkHZ4Keac

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
75d5c81ec8116d92b439af2959e2fd94_JaffaCakes118
unpack001/out.upx

Files

75d5c81ec8116d92b439af2959e2fd94_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

QNuDcSNzm
cWALLNYfDay
nadQbIRrx
pfulQgqlU

Sections

UPX0
Size: - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ