d4fc33064b8c944d090c23c9369a9917_JaffaCakes118

General

Target

d4fc33064b8c944d090c23c9369a9917_JaffaCakes118
Size

648KB
MD5

d4fc33064b8c944d090c23c9369a9917
SHA1

41f2aa675aa7aff5c2bb9411ebafc8146d0fb5fb
SHA256

b137518ba4d5e2b3d0ab8dd60b01b83bbc4f7a053634ea9304bf49a8de0b0fd0
SHA512

7a436edfb5417d29c20b33fd4dcdd5fc8a85028023b419cc42d6d2227cd3203401c8a15d775f693e17e2e591aa3477b9501f866229dd6422f675e873ca678194
SSDEEP

12288:d6Pfi2WaxsHKztbdusJzwnr+L9j5zWQ33Tw0oIxyTsFrffyxD:dkq2Wax+yRTqr+LV5yY80oIxyerfID

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/vdmexploit.dll	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vdmallowed.exe
unpack001/vdmexploit.dll

Files

d4fc33064b8c944d090c23c9369a9917_JaffaCakes118
.zip
vdmallowed.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vdmexploit.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 299KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 26KB - Virtual size: 56KB

Size: 5KB - Virtual size: 12KB

Size: 2KB - Virtual size: 16KB

.data Size: 300KB - Virtual size: 300KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 15KB - Virtual size: 28KB

Size: 3KB - Virtual size: 8KB

Size: 1KB - Virtual size: 8KB

Size: 2KB - Virtual size: 4KB

.data Size: 299KB - Virtual size: 300KB

.adata Size: - Virtual size: 4KB

.data
Size: 300KB - Virtual size: 300KB

.adata
Size: - Virtual size: 4KB

.data
Size: 299KB - Virtual size: 300KB

.adata
Size: - Virtual size: 4KB