08a94b1720a17b61cda0b7414d14432d_JaffaCakes118

General

Target

08a94b1720a17b61cda0b7414d14432d_JaffaCakes118
Size

152KB
MD5

08a94b1720a17b61cda0b7414d14432d
SHA1

6580fe17709500746f413ddb0f321e7ca640c45a
SHA256

cdf7e74e513d36bdc0462763c89cc34b9a96f9bf1d6831c6473c02cef76b9fb5
SHA512

76cb3c2d55151bfb101cdf1921b549c9e165b2b464658b19ccf1bed24e7b8f32f060921a87e9a8b6478902293224c234ee3d3d2a2598d4008cd5841940fe6bf3
SSDEEP

3072:GsflKbtMfcU2PFOQa81FHoVEhm/NFW9kY0qUOG5teqH8eUxDZQEKhemqE7cGdyni:fflKbWfcU2PF/RoV+m/P4Arc4PMQThvv

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
08a94b1720a17b61cda0b7414d14432d_JaffaCakes118
unpack001/out.upx

Files

08a94b1720a17b61cda0b7414d14432d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 316KB

UPX1 Size: 143KB - Virtual size: 144KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 247KB - Virtual size: 246KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 37KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 316KB

UPX1
Size: 143KB - Virtual size: 144KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 247KB - Virtual size: 246KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 37KB - Virtual size: 36KB