72906914fb08dbd3749b1533fff65d1d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72906914fb08dbd3749b1533fff65d1d_JaffaCakes118
Size

112KB
MD5

72906914fb08dbd3749b1533fff65d1d
SHA1

601557af46e128c3dde5d21a63d5344749ceba7a
SHA256

4062021d326b1ff55e15b9690adc4814625102419af5ff1d602e87cd7a101734
SHA512

07063669c21ed8aa68a65b67fc966cdb9206f3ec5c1fc8b59aacb39976df5e7bf3655c4d13366c0af6bcc6451e33c4f26bb858ae5e978ab644a6c897e90b60f6
SSDEEP

3072:U0v7Xt11hO+rHY82/ALJuPTmRgarBfu51:3TXj69AlLrBfQ1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72906914fb08dbd3749b1533fff65d1d_JaffaCakes118

Files

72906914fb08dbd3749b1533fff65d1d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE