2d7b01a5a3746e0183fca7a0e211cb52_JaffaCakes118

General

Target

2d7b01a5a3746e0183fca7a0e211cb52_JaffaCakes118
Size

42KB
MD5

2d7b01a5a3746e0183fca7a0e211cb52
SHA1

53162a6d9d4fabfdf6065e994e98984fbb732803
SHA256

a3c6b2667dbfbaf17f4dc42df1e5d498d33ca29afe3ac803480a3c2a38074517
SHA512

c0b467e40c1b2ec866c15ad0a3e60957a43314b0f6ec0658431089a8f990d9a4a8198c5b9a7414d080d174df9f23a7f3bddb6bf015569851aeca2996674daa2a
SSDEEP

768:jpUDhOS0BwePY4/rKEI2d3n/JByd8uRfmXXbSGBDmlf4Sosos9gFN9ByMRRf:jWUHBppRnd3nM8uB+bVByt4Vsos9oN9T

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2d7b01a5a3746e0183fca7a0e211cb52_JaffaCakes118
unpack001/out.upx

Files

2d7b01a5a3746e0183fca7a0e211cb52_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

WSHAddressToString
WSHEnumProtocols
WSHGetBroadcastSockaddr
WSHGetProviderGuid
WSHGetSockaddrType
WSHGetSocketInformation
WSHGetWSAProtocolInfo
WSHGetWildcardSockaddr
WSHGetWinsockMapping
WSHIoctl
WSHJoinLeaf
WSHNotify
WSHOpenSocket
WSHOpenSocket2
WSHSetSocketInformation
WSHStringToAddress

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 208KB

UPX1 Size: 39KB - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 136KB - Virtual size: 136KB

.pata Size: 17KB - Virtual size: 17KB

.uata Size: 17KB - Virtual size: 17KB

.rata Size: 17KB - Virtual size: 17KB

.zata Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 208KB

UPX1
Size: 39KB - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 136KB

.pata
Size: 17KB - Virtual size: 17KB

.uata
Size: 17KB - Virtual size: 17KB

.rata
Size: 17KB - Virtual size: 17KB

.zata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 10KB - Virtual size: 9KB