f504ebb390f5910588084211ae8e34ef_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f504ebb390f5910588084211ae8e34ef_JaffaCakes118
Size

1.1MB
MD5

f504ebb390f5910588084211ae8e34ef
SHA1

e8ece04463da3bd0403306e13bae270924ab5d63
SHA256

c035aab167307965267cb26fa2e67b1fbdf697ce0b007401a80cdbf39934abc4
SHA512

d9378145a20771aecb2a44ad210da6d6666931a2a8cb00033b55934789caef13e82a9e85257de438549eab4ada1cf15c1da4bdabf9eb29554f3b16a6a0462949
SSDEEP

6144:4FwT7u94oSpgE611Cgf1vi4qLitxTOOzLHOf61TmkuU0FVa2oS9:v/uSoSSlJiwTLfuU0FVhoS9

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f504ebb390f5910588084211ae8e34ef_JaffaCakes118

Files

f504ebb390f5910588084211ae8e34ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Koumi_AdjustAero
Koumi_AdjustHSV
Koumi_Attach
Koumi_AttachEx
Koumi_AttachExt
Koumi_AttachRes
Koumi_AttachResEx
Koumi_Detach
Koumi_DetachEx
Koumi_GetColor
Koumi_LockUpdate
Koumi_Map
Koumi_NineBlt
Koumi_SetAero
Koumi_SetBackColor
Koumi_SetFont
Koumi_SetFontEx
Koumi_SetForeColor
Koumi_SetMenuAlpha
Koumi_SetTitleMenuBar
Koumi_SetWindowAlpha
Koumi_SetWindowMovable
Koumi_VerifySign

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE