c8c6d7b5320be0c22909477b7e637553_JaffaCakes118

General

Target

c8c6d7b5320be0c22909477b7e637553_JaffaCakes118
Size

152KB
MD5

c8c6d7b5320be0c22909477b7e637553
SHA1

bd750973c92bb9f700e99dd69783e5eb20855a75
SHA256

08cada8fab3bb1da75e655bf8e81be61db14bffdc311e042617446eb483e35d9
SHA512

7e008a0d01209f8dce34d81c91d2491cfef1fdbd12caa46edcfd73d4b34dcf7d2b9b301e818e1a46259a3f6b18beef9f4ece22030216fbb973aceddab3a42d34
SSDEEP

3072:VkyOzN4TnBh9n2IYPqvkXGACnKlW83EeCtxMK/W2fsz:yxnCvoMKw8Ue9X2

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c8c6d7b5320be0c22909477b7e637553_JaffaCakes118
unpack001/out.upx

Files

c8c6d7b5320be0c22909477b7e637553_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 320KB

UPX1 Size: 143KB - Virtual size: 144KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 36KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 320KB

UPX1
Size: 143KB - Virtual size: 144KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 36KB - Virtual size: 36KB