0c77fd059672554ccff0bc2a9cd1046a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c77fd059672554ccff0bc2a9cd1046a_JaffaCakes118
Size

624KB
MD5

0c77fd059672554ccff0bc2a9cd1046a
SHA1

83708b04c63e07cd81c710ebd81e99146454742d
SHA256

114f31f9c1317f121760fafcd257adb7ea48ce41e46a2f526c431b15f2380c54
SHA512

1f6101448cae182e3898f91e977ca23aab67ad605f2fb368c67990f92046fc1b74b730d9f4f70aac48c95bf466921b92c74a0f7a910bd687992db24029287d43
SSDEEP

12288:YkQkbnZ4SgtrPVbMncWwH3xXQ54BK8F64ix470Sm+X1eikHY9aCT5QW:Y47kRscWwxgMKg6PxJSmLLwai

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

0c77fd059672554ccff0bc2a9cd1046a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

7f:61:65:22:d2:87:e8:5a:40:98:4a:2c:01:c4:14:c1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17-06-2014 00:00

Not After

17-06-2015 23:59

Subject

CN=Smart Secure Software S.l.,O=Smart Secure Software S.l.,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:64:38:81:f7:38:db:4f:4e:a7:25:30:2d:cb:7e:9e:5d:22:9b:88
Signer

Actual PE Digest

d7:64:38:81:f7:38:db:4f:4e:a7:25:30:2d:cb:7e:9e:5d:22:9b:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7f:61:65:22:d2:87:e8:5a:40:98:4a:2c:01:c4:14:c1Certificate

Extended Key Usages

Key Usages

d7:64:38:81:f7:38:db:4f:4e:a7:25:30:2d:cb:7e:9e:5d:22:9b:88Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 584KB - Virtual size: 588KB

.rsrc Size: 36KB - Virtual size: 36KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 367KB - Virtual size: 366KB

.data Size: 15KB - Virtual size: 35KB

.rsrc Size: 107KB - Virtual size: 107KB

.reloc Size: 128KB - Virtual size: 128KB

7f:61:65:22:d2:87:e8:5a:40:98:4a:2c:01:c4:14:c1
Certificate

d7:64:38:81:f7:38:db:4f:4e:a7:25:30:2d:cb:7e:9e:5d:22:9b:88
Signer

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 584KB - Virtual size: 588KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 367KB - Virtual size: 366KB

.data
Size: 15KB - Virtual size: 35KB

.rsrc
Size: 107KB - Virtual size: 107KB

.reloc
Size: 128KB - Virtual size: 128KB