03a8a23a91a879de1e356c6f565cbc87_JaffaCakes118 | Triage

Sharing

General

Target

03a8a23a91a879de1e356c6f565cbc87_JaffaCakes118
Size

77KB
MD5

03a8a23a91a879de1e356c6f565cbc87
SHA1

0f9c6c37f7c83d3bcaf4861676a3c1fb9767ff31
SHA256

0dc9412a9ac8129142c670a603b32e5b1da17b1adab1022e51f45ac90e29fa12
SHA512

9074ac569b23a45e38ec7be7f9434e53daf0b9b03329e068ace97cfe6b56fc58301a97a590eb501ce1a5f322f2d1b28a085fbe4f23b32355b51580d4ec6cdc9d
SSDEEP

1536:n7L1cQwNSlX00X1l73JJJWwgyMlm1ggRBql4YeTNZ3qn8CmO8Z:n7L1NX00XDLHxg7mXRI3O6n8CP8Z

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
03a8a23a91a879de1e356c6f565cbc87_JaffaCakes118
unpack001/out.upx

Files

03a8a23a91a879de1e356c6f565cbc87_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ