0003b6396f3b426ce01e00b14d1d568d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0003b6396f3b426ce01e00b14d1d568d_JaffaCakes118
Size

85KB
MD5

0003b6396f3b426ce01e00b14d1d568d
SHA1

a0ee08ab4ec8ff8cf283bd4d18f5eac04bcf4ec6
SHA256

d15be059d624f185824fc04cd68db95ee64b95b5f772d7392efaad74c06500b1
SHA512

4271671134993251b26372c78f3aa8b340f60dd86d732a9e8b4a5c43e4f815b623523a06b2bcf445865a394409e03d4cffa846bdd26366efafe10d1b3b90c3d5
SSDEEP

1536:AfNl7netQxMkCNkKoogQhnF11vlefT7UF:slcGMvNhuQhnF11vlOU

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0003b6396f3b426ce01e00b14d1d568d_JaffaCakes118

Files

0003b6396f3b426ce01e00b14d1d568d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE