097d7f52d166888e293665317e8406f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

097d7f52d166888e293665317e8406f0_JaffaCakes118
Size

6KB
MD5

097d7f52d166888e293665317e8406f0
SHA1

bb5f0147ef8c9799ab791f15b45b3b2035615149
SHA256

27f4330895b1865107e13d185facb2c0723e4386cc1fe7d3f5676b458ce70cc7
SHA512

b2baadabd5d4eca96b7cb4da0aceb3bfab50864246926fb85313e736ddcab2a992509116292a6c7ee3b3236b451786e8e4325928cdb34a63800bffd6d6240fc2
SSDEEP

96:Av0HDk/uGPHoiTIpo+5jGJEUWjC2zX1IX+BxsItE99:AMHY/uGPHzTIppGSbjC2zX1ZMItE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
097d7f52d166888e293665317e8406f0_JaffaCakes118
unpack001/out.upx

Files

097d7f52d166888e293665317e8406f0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

SCM
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ