13a5765ad18e8d525364cd45b9c8a0c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13a5765ad18e8d525364cd45b9c8a0c2_JaffaCakes118
Size

85KB
MD5

13a5765ad18e8d525364cd45b9c8a0c2
SHA1

694c4de687df3c19822dff1cac8636b9ed25da3c
SHA256

c17f40e9336c9a578fdd0f657276756eaf9f6a63f6cdd704756a041a761f1555
SHA512

f061b039461b63a8094ee89710e275b96d650b3ec826f237e312dad79c835e77e8c5dff45567c34b34f52bf154df339c0d829ce63b1f13bfd690038898d18927
SSDEEP

768:lJal/8ohTj7Irb2rkDPrXpAbbJbYCc0bVB18ibvC1Kf1NS2lsNYpdljuVT7l5VwD:T2xK2APrXKbfJRX8ib6A1vlsQlAT7R

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13a5765ad18e8d525364cd45b9c8a0c2_JaffaCakes118

Files

13a5765ad18e8d525364cd45b9c8a0c2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE