f60ddae2415033336cb6840eb4a7c7ed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f60ddae2415033336cb6840eb4a7c7ed_JaffaCakes118
Size

155KB
MD5

f60ddae2415033336cb6840eb4a7c7ed
SHA1

88df1c13cf7ab911dca6681a69c42f4cca34386a
SHA256

de0910e1f4f003c344e70b28ea6b2c24c8f1bee8b5ff94d6da2c1359ef2d0f3e
SHA512

6e5b2945a7966816f00f4e08f61c0a4541ea0b78d8d2aa82ade2b4f658895ae235476d7c11e99b311bc5ebf1c994ef0eed2e26c7c2bfef31951bdbccffe7a267
SSDEEP

3072:gvQZQefF9t0Dg+D5rDfQsuBLdlVv5m0Ip8jMeTdrfTzx:gvQWeF/4l5XMp7l9prLzx

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f60ddae2415033336cb6840eb4a7c7ed_JaffaCakes118
unpack001/out.upx

Files

f60ddae2415033336cb6840eb4a7c7ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ