0419f609c5d92b19b9a41c985931b02d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0419f609c5d92b19b9a41c985931b02d_JaffaCakes118
Size

7KB
MD5

0419f609c5d92b19b9a41c985931b02d
SHA1

fac1ecc2238443a81896699232fb1ab533d05d73
SHA256

b8fcd45ba2e4e0e2431cf08c1fc43eb1a6bcb3bf22ab049bd5a92c498b90a2cc
SHA512

a5192e2aeadaf0a5af2738f9fad7663636df5081120a42f3d855a6c5fcd95bbbc56b8f7b7cf7c81611452e1e396dfdd6beb11d6b87e68af88bab919375af4950
SSDEEP

96:6Mp3tE4693cttttKZEqLaDiOhU9xzEpIfGorMpetV2EuFldhc3okdsIi:33XW3ibQTOhIsIfK8huRhc3okdsI

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0419f609c5d92b19b9a41c985931b02d_JaffaCakes118
unpack001/out.upx

Files

0419f609c5d92b19b9a41c985931b02d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

VDMEnumTaskWOWEx
VDMTerminateTaskWOW
WSPStartup

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ