14473a7d5c183c4ff94014261b5d0114_JaffaCakes118

General

Target

14473a7d5c183c4ff94014261b5d0114_JaffaCakes118
Size

48KB
MD5

14473a7d5c183c4ff94014261b5d0114
SHA1

8d7d2894889e79a592dd648f809ae9a258c6b08a
SHA256

e2433de3ffabc98cf695198fcdac06089c4f77656e9adf3d1b47c1f64026b2a0
SHA512

733c5d64e2b8211573b16d34cb663f5f1315fcc33f364cf457ac8bf7430bf05fa3f9002cac14b0c38b66af151816252eb2a66125e51b25b7b4aff03c72ea87fa
SSDEEP

768:ck9fcKQk0Pw66F39K5tPUdhFzr0AfEHFniEa4uJOVxOFRPmE:ck9f7L36itKDOX0AGH7nOuE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
14473a7d5c183c4ff94014261b5d0114_JaffaCakes118
unpack001/out.upx

Files

14473a7d5c183c4ff94014261b5d0114_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

WSHAddressToString
WSHEnumProtocols
WSHGetBroadcastSockaddr
WSHGetProviderGuid
WSHGetSockaddrType
WSHGetSocketInformation
WSHGetWSAProtocolInfo
WSHGetWildcardSockaddr
WSHGetWinsockMapping
WSHIoctl
WSHJoinLeaf
WSHNotify
WSHOpenSocket
WSHOpenSocket2
WSHSetSocketInformation
WSHStringToAddress

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 140KB

UPX1 Size: 40KB - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 101KB - Virtual size: 101KB

zdata Size: 9KB - Virtual size: 9KB

vdata Size: 1024B - Virtual size: 1024B

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 7KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 101KB - Virtual size: 101KB

zdata
Size: 9KB - Virtual size: 9KB

vdata
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 7KB - Virtual size: 6KB