55c49be0b9cefc9479bd35948e541037_JaffaCakes118 | Triage

Sharing

General

Target

55c49be0b9cefc9479bd35948e541037_JaffaCakes118
Size

173KB
MD5

55c49be0b9cefc9479bd35948e541037
SHA1

aec70176f1fab43b579ff203c4724f4942c49741
SHA256

77a3590e6893e5c33c774536c6e52fcb5e991a85203d28b1e4de13b293e06af8
SHA512

ca516821c677d05ca933cd9071443a373a62227352b4e3b56614af780ee2543b3513fc0d799bc0fb817ed77f4e47e6b482ef998bba684a91e93da393a26df830
SSDEEP

3072:dRqb3b/pbMHjMIjDTOBR5BWw2tfhdh4z6P8dUo+bfdQIaoPAyt:dRqKHjzzOB/BT2tf5Awbf21H

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
55c49be0b9cefc9479bd35948e541037_JaffaCakes118
unpack001/out.upx

Files

55c49be0b9cefc9479bd35948e541037_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CNWZSyLuxDNE
DtjhYgT
NJMUnjmVN
TrMXtnV
cChXcVOLUz

Sections

UPX0
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ