c962be8bd701248f786082875b6b4d13_JaffaCakes118

General

Target

c962be8bd701248f786082875b6b4d13_JaffaCakes118
Size

24KB
MD5

c962be8bd701248f786082875b6b4d13
SHA1

16343a5bebfb789333f549225a28b2c3890c77d4
SHA256

fbe6df5b0b479653b0fdbd90cf03ea14cf450d5cb1c96b94e10dd2d21bac8f76
SHA512

fcb3dfdc57fe5ee298e1b8bea6a417dc37abe1f69c50240162dd14200e264c979e779674805583df5cee5d33270b47ec87150025ac7b4430025c496920cecaaa
SSDEEP

384:MrLFPFwhONEfmwsDXALwdnLbgTzxdvvSgevo2M:MnxF4VNsiwdLbgR1vq

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c962be8bd701248f786082875b6b4d13_JaffaCakes118
unpack001/out.upx

Files

c962be8bd701248f786082875b6b4d13_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

MyLove
PlaySoundA
PlaySoundW
sndPlaySoundW
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 581B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 771B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 19KB - Virtual size: 18KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: - Virtual size: 581B

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 1024B - Virtual size: 771B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 4KB

CODE
Size: 19KB - Virtual size: 18KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 581B

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 1024B - Virtual size: 771B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B