f2514901fc844d09f822189e54023fe1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2514901fc844d09f822189e54023fe1_JaffaCakes118
Size

129KB
MD5

f2514901fc844d09f822189e54023fe1
SHA1

9ccc3d2ac8de5776035d6079aa6f531adb87ac2b
SHA256

b831003020f7b99afffa74592d49c3aa3c1ab696015894d7612a33bd19f7b8b9
SHA512

6e0f2fe857baad2de599f885196ed63be96834f7cf90598bf92e260e020c38c9870e1d203b894122dd8a0f4a088dd28c962133ff31fad32c3e39882d28a23919
SSDEEP

3072:f/rOI+MDijxHQDRVkAkRqEw9Tq0UY79jwND5uMF4l1SZBRv:fz+iijh4V9kdw9BUY79ENDEMF4l1SB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

f2514901fc844d09f822189e54023fe1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:b9:e9:7b:b2:d0:ff:ee:11:fc:af:f8:6c:6c:ac:06
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

30/05/2001, 00:00

Not After

31/05/2002, 23:59

Subject

CN=Opale Net,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Web,O=VeriSign\, Inc.,L=Internet+L=Montreal,ST=Quebec,C=CA

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

3f:b9:e9:7b:b2:d0:ff:ee:11:fc:af:f8:6c:6c:ac:06Certificate

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 84KB - Virtual size: 88KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 157KB

.rsrc Size: 36KB - Virtual size: 36KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

3f:b9:e9:7b:b2:d0:ff:ee:11:fc:af:f8:6c:6c:ac:06
Certificate

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 84KB - Virtual size: 88KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 157KB

.rsrc
Size: 36KB - Virtual size: 36KB