b5e4d0f82b5eae81bad02565c4a6bb46_JaffaCakes118

General

Target

b5e4d0f82b5eae81bad02565c4a6bb46_JaffaCakes118
Size

152KB
MD5

b5e4d0f82b5eae81bad02565c4a6bb46
SHA1

7da4aa11faabe5ffe399f2071c3b23f3112529b0
SHA256

f287b48f445508aeb749ab055e2845353acbdd2c562341b2f00ddf7e4c59b6e9
SHA512

62a97afbe54cc2bc7e99f23581a47cd01b5160823a4ed2e3fcba568fb3e482b0ab774fcb6bd9956e344e3b17f9e106b2857a083882c115cc8e5c87937e6ecef8
SSDEEP

3072:fsflKbtMfcU2PFOQa81FHoVEhm/NFW9kY0qUOG5teqH8eUxDZQEKhemqDxGeBqZi:kflKbWfcU2PF/RoV+m/P4Arc4PMQThvW

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b5e4d0f82b5eae81bad02565c4a6bb46_JaffaCakes118
unpack001/out.upx

Files

b5e4d0f82b5eae81bad02565c4a6bb46_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 316KB

UPX1 Size: 143KB - Virtual size: 144KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 247KB - Virtual size: 246KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 37KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 316KB

UPX1
Size: 143KB - Virtual size: 144KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 247KB - Virtual size: 246KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 37KB - Virtual size: 36KB