a87a0fb5953bd643fb68e529d4297a80_JaffaCakes118

General

Target

a87a0fb5953bd643fb68e529d4297a80_JaffaCakes118
Size

272KB
MD5

a87a0fb5953bd643fb68e529d4297a80
SHA1

962eb8330b5465f13b188bc58c96c3d7f7dc1901
SHA256

e6e8dbedfb69460f668a47360f49023cd23f06eaf5ac2d720634801ed0cdf01e
SHA512

8ef7f678f839cf2a9d1bac56f5e2ecfa5afc323541fd797be4fa15b73b7d16f8566574b5f88401e67589d4fd06a5c1bbb13aa74e2ac404fd38a68d398814f87a
SSDEEP

6144:PuPg/kV+lK9jO0HF3gTrM8VwboQofE/Fb80zeHKI+hOQO3/:Pcg/kV+lKhNlw3LVknNb80XI+hBI

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a87a0fb5953bd643fb68e529d4297a80_JaffaCakes118
unpack001/out.upx

Files

a87a0fb5953bd643fb68e529d4297a80_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 456KB

UPX1 Size: 262KB - Virtual size: 264KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 499KB - Virtual size: 498KB

DATA Size: 18KB - Virtual size: 18KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 78B

.reloc Size: 31KB - Virtual size: 30KB

.rsrc Size: 119KB - Virtual size: 119KB

UPX0
Size: - Virtual size: 456KB

UPX1
Size: 262KB - Virtual size: 264KB

.rsrc
Size: 9KB - Virtual size: 12KB

CODE
Size: 499KB - Virtual size: 498KB

DATA
Size: 18KB - Virtual size: 18KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 78B

.reloc
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 119KB - Virtual size: 119KB