e94b5c1b6775c0fc033c4887d9f909eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e94b5c1b6775c0fc033c4887d9f909eb_JaffaCakes118
Size

66KB
MD5

e94b5c1b6775c0fc033c4887d9f909eb
SHA1

ee724c64b7e0f71f5a46c8618dd0a637af7809f7
SHA256

8a1eef23f8901cbfd4971f5d59be62d07465c7cef2a465438b9d808f0f7c457a
SHA512

a916cc7ad5d64743c1596a73d9edf56cf3975a684b52a8e996937e94b1d38eb632e3582e6040c6d6059d7a2028a94c4b56132085bfa16d4d6e26bc0e1d9d6048
SSDEEP

1536:g//56NI+3iUR3A16MBh7baCS6ShoBiu+lwqxaJnouy8n5idi1n/E:gwXeNB5lS6EoGyhZoutnW

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e94b5c1b6775c0fc033c4887d9f909eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Code Sign

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1c
Certificate

Issuer

CN=Vatione,ST=Hubei,C=China,1.2.840.113549.1.9.1=#0c15766174696f6e656c696e407669702e71712e636f6d

Not Before

19/07/2021, 08:01

Not After

24/12/2040, 16:00

Subject

CN=Vatione,ST=Hubei,C=China,1.2.840.113549.1.9.1=#0c15766174696f6e656c696e407669702e71712e636f6d

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1c
Certificate

Issuer

CN=Vatione,ST=Hubei,C=China,1.2.840.113549.1.9.1=#0c15766174696f6e656c696e407669702e71712e636f6d

Not Before

19/07/2021, 08:01

Not After

24/12/2040, 16:00

Subject

CN=Vatione,ST=Hubei,C=China,1.2.840.113549.1.9.1=#0c15766174696f6e656c696e407669702e71712e636f6d

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:68:6f:cc:b8:3e:ea:e5:41:22:22:f3:01:32:04:00:84:23:8f:80:ca:8b:7f:21:78:5a:ab:db:4b:52:d2:35
Signer

Actual PE Digest

8c:68:6f:cc:b8:3e:ea:e5:41:22:22:f3:01:32:04:00:84:23:8f:80:ca:8b:7f:21:78:5a:ab:db:4b:52:d2:35

Digest Algorithm

sha256

PE Digest Matches

true

55:42:41:70:a4:b9:40:77:fd:6e:fb:e9:d3:15:fc:b5:40:14:a7:2c
Signer

Actual PE Digest

55:42:41:70:a4:b9:40:77:fd:6e:fb:e9:d3:15:fc:b5:40:14:a7:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_��ӳ��

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

8c:68:6f:cc:b8:3e:ea:e5:41:22:22:f3:01:32:04:00:84:23:8f:80:ca:8b:7f:21:78:5a:ab:db:4b:52:d2:35Signer

55:42:41:70:a4:b9:40:77:fd:6e:fb:e9:d3:15:fc:b5:40:14:a7:2cSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 168KB

UPX1 Size: 54KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 4KB

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

02:64:32:af:56:8a:5a:5d:b7:3d:5e:e4:22:6e:c8:1c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8c:68:6f:cc:b8:3e:ea:e5:41:22:22:f3:01:32:04:00:84:23:8f:80:ca:8b:7f:21:78:5a:ab:db:4b:52:d2:35
Signer

55:42:41:70:a4:b9:40:77:fd:6e:fb:e9:d3:15:fc:b5:40:14:a7:2c
Signer

UPX0
Size: - Virtual size: 168KB

UPX1
Size: 54KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 4KB