0d048e1ec243ef640ef753bf5b3193aa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d048e1ec243ef640ef753bf5b3193aa_JaffaCakes118
Size

1.9MB
MD5

0d048e1ec243ef640ef753bf5b3193aa
SHA1

ee2eac93dab9e182b56f0a7577806d40024ae558
SHA256

6d0c4806624ae4c55b6f572a6f85fec7d7c189a7f0a248d6ed14cf2b6d69c2c8
SHA512

10c15533ed5ace69bdc3a6ee480054f5e885dfd2afb408dbc4483f9cb821852b987afa897dcca4fd8d81bbcf2ebf43a24b63001189e66bd62523fe2c0a83defc
SSDEEP

49152:1bmIUKnc0W0nzT71hPghwGDw/x777i23p:1vnc0Jnv71mj8/xei

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/uTorrent3.4.3(40760)Stable.exe	upx

Files

0d048e1ec243ef640ef753bf5b3193aa_JaffaCakes118
.zip
settings.dat
uTorrent3.4.3(40760)Stable.exe
.exe windows:5 windows x86 arch:x86

Code Sign

57:32:c1:57:4e:6a:f8:28:e1:b4:f9:3a:bb:34:ed:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/06/2013, 00:00

Not After

03/09/2016, 23:59

Subject

CN=BitTorrent Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:7a:72:b1:8f:dd:cd:b6:34:f1:2d:8d:09:f0:41:a7:e4:a2:59:d1
Signer

Actual PE Digest

3d:7a:72:b1:8f:dd:cd:b6:34:f1:2d:8d:09:f0:41:a7:e4:a2:59:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.opcandy
Size: 293KB - Virtual size: 296KB

IMAGE_SCN_MEM_DISCARDABLE
utorrent.lng
.zip
Russian!ru.txt
english.txt
version

Sharing

General

Malware Config

Signatures

Files

Code Sign

57:32:c1:57:4e:6a:f8:28:e1:b4:f9:3a:bb:34:ed:08Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3d:7a:72:b1:8f:dd:cd:b6:34:f1:2d:8d:09:f0:41:a7:e4:a2:59:d1Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.5MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 122KB - Virtual size: 124KB

.opcandy Size: 293KB - Virtual size: 296KB

57:32:c1:57:4e:6a:f8:28:e1:b4:f9:3a:bb:34:ed:08
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3d:7a:72:b1:8f:dd:cd:b6:34:f1:2d:8d:09:f0:41:a7:e4:a2:59:d1
Signer

UPX0
Size: - Virtual size: 2.5MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 122KB - Virtual size: 124KB

.opcandy
Size: 293KB - Virtual size: 296KB