10720111984a5ebb7e182e3157389c08_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10720111984a5ebb7e182e3157389c08_JaffaCakes118
Size

119KB
MD5

10720111984a5ebb7e182e3157389c08
SHA1

578cb9e3aeae1253fc91303ffc6cd6410c5612c8
SHA256

92e9630e4e0e35187ef649c342bb8ca805ba63e72fdf9579361e493576934f83
SHA512

5e56f05fd6e2909379fe43a12987796ea8a34195be07925baebd199f1045a4a7247be5d27ce53c8d8973b0223c7642236c7a43802351b4fa9842697de46491cc
SSDEEP

1536:gyGMnS9iMh82leTM5nP4R5HZRIv6WagAkgawkNTd1yU7q40:gyvSdeTM5nPEGRnWmr1yU0

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10720111984a5ebb7e182e3157389c08_JaffaCakes118

Files

10720111984a5ebb7e182e3157389c08_JaffaCakes118
.dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vkata
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE