2d0abfa0fb5aac086ac0efccb079d076_JaffaCakes118

General

Target

2d0abfa0fb5aac086ac0efccb079d076_JaffaCakes118
Size

570KB
MD5

2d0abfa0fb5aac086ac0efccb079d076
SHA1

1d5909b1da4ff78021f6b850543db64cebbc9fd1
SHA256

20e4cc904b76e219adf5aed1ac916f2ba6f756c638d986811e8b91b2719dc944
SHA512

25218d768a595a0e1cf20db44bb615ae0def24abbcb7b8bd3192f431cca5af59a1ffa9ce81ee58946b2ee5fea259caaf3d5bc822efa94ba8a6a815cf87651481
SSDEEP

12288:DxGtNMUYKJ6BCdBxfzpLviEEMz51rhK1nIksIJe4Tgz6pB:dGbMUx6BCt7piEpzzrhK9Jekgz6p

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2d0abfa0fb5aac086ac0efccb079d076_JaffaCakes118
unpack001/out.upx

Files

2d0abfa0fb5aac086ac0efccb079d076_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 565KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 131B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 565KB - Virtual size: 568KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 33KB - Virtual size: 32KB

.bss Size: - Virtual size: 22KB

.idata Size: 14KB - Virtual size: 13KB

.didata Size: 1024B - Virtual size: 806B

.edata Size: 512B - Virtual size: 131B

.reloc Size: 118KB - Virtual size: 117KB

.rsrc Size: 125KB - Virtual size: 125KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 565KB - Virtual size: 568KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 33KB - Virtual size: 32KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 14KB - Virtual size: 13KB

.didata
Size: 1024B - Virtual size: 806B

.edata
Size: 512B - Virtual size: 131B

.reloc
Size: 118KB - Virtual size: 117KB

.rsrc
Size: 125KB - Virtual size: 125KB