d9e22577eb55561a089053865c8b353b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9e22577eb55561a089053865c8b353b_JaffaCakes118
Size

75KB
MD5

d9e22577eb55561a089053865c8b353b
SHA1

f7ff3c7fab5fbf737438a233b15fd78f6b8608e3
SHA256

17b5a4e3a4c4a793e95f6f0c5558b1428dd0618daa1e0f8f59001d31d5529514
SHA512

b52a6981c6acee737f437e87343458878c2e17b76c38cf30c194caa694d3210ecd60db9c6ebbd151c60f4049b4d26ae9b88e25632b83a443996314883f433556
SSDEEP

1536:urwBv8B85q3RYU2lyLTK2xzJak+hVQDfTLcU9xlErD:ukB8BGqyUaSTKQ1aksmcU9xlEH

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9e22577eb55561a089053865c8b353b_JaffaCakes118

Files

d9e22577eb55561a089053865c8b353b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE