b45d7c17f4b31c9f4e1cd793141e7e4d_JaffaCakes118

General

Target

b45d7c17f4b31c9f4e1cd793141e7e4d_JaffaCakes118
Size

891KB
MD5

b45d7c17f4b31c9f4e1cd793141e7e4d
SHA1

8c354b2eec675735cdb8a91fa586eeab929fcb85
SHA256

a7d8fad69caf6f20b0e5d0dc32a68b382b6100baf5ca7895ff98f1146fb6a58a
SHA512

98f8e93e56f5803e52c96a74ffb8d2008f5a82608bd54704e0600ab29edb642045682958fa39f212159a83dd4e2ecba9714bbf45b32e85ea73974aaaf7de5379
SSDEEP

24576:aqve97MUZjg9qI2e0IwluMAwtA2NptIeVvsDqS5k60MU:Xs7MgEpYmcItDqS5O7

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/elfload.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/elfload.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/elfbot.dll
unpack001/elfload.dll
unpack001/elfload2.dll

Files

b45d7c17f4b31c9f4e1cd793141e7e4d_JaffaCakes118
.rar
elfbot.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

EcInit

Sections

.lvgf
Size: - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.utoas
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ieupg
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vjnpx
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.lvzy
Size: 544KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ezhpv
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hutjlo
Size: 108KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lstx
Size: 4KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhnqy
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gjcq
Size: 656KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dywt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
elfload.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
elfload2.dll
.dll windows:4 windows x86 arch:x86

095172e783427c1a2072d5926f867e01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

TranslateMessage
RegisterClassExA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateDialogParamA

kernel32

lstrcpyA
lstrcatA
WriteProcessMemory
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetCurrentProcess
CreateThread
ExitProcess
ExitThread

comctl32

InitCommonControls

Sections

.text
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 723B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 405B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.lvgf Size: - Virtual size: 239KB

.utoas Size: 4KB - Virtual size: 3KB

.ieupg Size: - Virtual size: 2.6MB

.vjnpx Size: - Virtual size: 27KB

.lvzy Size: 544KB - Virtual size: 576KB

.ezhpv Size: 52KB - Virtual size: 64KB

.hutjlo Size: 108KB - Virtual size: 128KB

.lstx Size: 4KB - Virtual size: 64KB

.fhnqy Size: 36KB - Virtual size: 64KB

.gjcq Size: 656KB - Virtual size: 704KB

.dywt Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 24KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 4KB

095172e783427c1a2072d5926f867e01

Headers

File Characteristics

Imports

user32

kernel32

comctl32

Sections

.text Size: 1024B - Virtual size: 932B

.rdata Size: 1024B - Virtual size: 723B

.data Size: 512B - Virtual size: 405B

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 320B

.lvgf
Size: - Virtual size: 239KB

.utoas
Size: 4KB - Virtual size: 3KB

.ieupg
Size: - Virtual size: 2.6MB

.vjnpx
Size: - Virtual size: 27KB

.lvzy
Size: 544KB - Virtual size: 576KB

.ezhpv
Size: 52KB - Virtual size: 64KB

.hutjlo
Size: 108KB - Virtual size: 128KB

.lstx
Size: 4KB - Virtual size: 64KB

.fhnqy
Size: 36KB - Virtual size: 64KB

.gjcq
Size: 656KB - Virtual size: 704KB

.dywt
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 1024B - Virtual size: 932B

.rdata
Size: 1024B - Virtual size: 723B

.data
Size: 512B - Virtual size: 405B

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 320B