2d996518221cab5304a024caa6cc0bd1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d996518221cab5304a024caa6cc0bd1_JaffaCakes118
Size

102KB
MD5

2d996518221cab5304a024caa6cc0bd1
SHA1

0ba78b65fa9e4e5664159e77da90659cb3756c24
SHA256

dd5185947a847b496b5da6f2c1810c9ec0b3fe9b2dd4cf61919fd2da03d5ea05
SHA512

e4c98e9bb5b3af2e4e63fc6ec0de553bcde10dde28eece88405e8d098fcfbdea30e822403ab8dd2e3296133c577b8eecb4a164cacbf156b68d877830eec8700f
SSDEEP

1536:oBFy58oS9YCvnFsgpxbZlA5VOM6lIx5ihgE58:4FyJxkFsUVdlIx5jR

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d996518221cab5304a024caa6cc0bd1_JaffaCakes118

Files

2d996518221cab5304a024caa6cc0bd1_JaffaCakes118
.dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

voata
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE