a472a4e1d78ca91d6351dd4da1db0b92_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a472a4e1d78ca91d6351dd4da1db0b92_JaffaCakes118
Size

317KB
MD5

a472a4e1d78ca91d6351dd4da1db0b92
SHA1

b2758e0d6de41229843f2270992a1a2129c776e6
SHA256

af935619a4980e78e60d35376cf86ca49ce24ab6d6d016165b6d732dc679b6a1
SHA512

6e078f5c18f0641d008d3fdb1b80bf24813d9c737d53a4115a0283b079dbb59bc323d6e81be98e7d8dc260e5034e0b38d5a9a8d4586e8e974ea1fc8773c7382a
SSDEEP

6144:/menrXHhbvzVfgthlBzxpjn1MwFXSWt5saP0udXQpU9qiUNokUBHp4/:JnDhbzJgtXBzxpBMwFXsMDQG0ojp4/

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a472a4e1d78ca91d6351dd4da1db0b92_JaffaCakes118
unpack001/out.upx

Files

a472a4e1d78ca91d6351dd4da1db0b92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

RunDllHostCallBack
_��ӳ��

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 309KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ