2d5f9c41fd4925343a580edcf250509c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d5f9c41fd4925343a580edcf250509c_JaffaCakes118
Size

163KB
MD5

2d5f9c41fd4925343a580edcf250509c
SHA1

7fd7d438241048fd5f10f99fbf1810816ab92a00
SHA256

ca4093c308e71a6ee0bf59b72e2c4e8c0116472e8920943b4549a1f35bb9fb3d
SHA512

c7ff6f1112d92bf96d44dc92cdaaa8d311f6762ae54b52b04ece46f8f0cffa979c585ac9e3c7fb588a6a241cd8bb58c06c41ea62fc4403ad055b8ce7c0f25f85
SSDEEP

3072:5VdY1p9s5WZyHPH7t76L63c/tNWUR0SeWDy2F035v174OufspMFaVI4g9b/ML+e:5V+xsWyHP8Ww7WMTeWWX35N0Oufqd0b4

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d5f9c41fd4925343a580edcf250509c_JaffaCakes118

Files

2d5f9c41fd4925343a580edcf250509c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePProc
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
SetVMToolTip
Uninstall
UserLogOff
UserLogOn

Sections

UPX0
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE