d27970966e713eb580b518a0689b48a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d27970966e713eb580b518a0689b48a2_JaffaCakes118
Size

120KB
MD5

d27970966e713eb580b518a0689b48a2
SHA1

8ff29f7c5bd432209616fdcc15fd5b6428c7c2fa
SHA256

309c75c1a7ea8168e7bba8f21dd811af129a70e6b1fdb752f26ed16ab0044925
SHA512

5bfc4acbb1dcc67a71f864d2b0e58c2da726106d516c1727d72f6052e1a6be6f53f44705d07aedaac5b956a678b0a8d8001e37eb1f770c88f83412f2247fe47f
SSDEEP

3072:c/AZ2HMb5Emd3I+zD/5xYm56hOyVPgesVxteFI+Lz:cPBmNIMFTghOyVPlYxs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d27970966e713eb580b518a0689b48a2_JaffaCakes118

Files

d27970966e713eb580b518a0689b48a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

05c7df6d575c13faf78878f9450f3b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

Exports

Exports

UnHook
WSPStartup
installhook

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX4
Size: - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX5
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX6
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX7
Size: 232B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ