1073f6285820c0783c6ae42907ed7a15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1073f6285820c0783c6ae42907ed7a15_JaffaCakes118
Size

1.1MB
MD5

1073f6285820c0783c6ae42907ed7a15
SHA1

6282c21574ea6fa19c8bbaf95cf67a6df6ddfd43
SHA256

27300dcc87f79d9046c2fe01bd2fb271ba049c0c2e616962c0abdddc5d99c44d
SHA512

fc47c1584c209b7309c7f3414d9043a0894f1db28fc9989a73c2387950074f920324bf7f7e130150ae9dde3b48ba7f9dc92d02e835a922b1cb86ec8d723e7d38
SSDEEP

24576:dsKuGWFgHxOtXFhjxzjEhfe/49AOsnTbN3lOmFwraHmK1biuOd7:eKuGWFa8FbHEY/AjuTbPOPr0X1pOd7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1073f6285820c0783c6ae42907ed7a15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a9:18:e8:ee:5d:da:2d:1e:66:e2:6c:e9:ff:0d:75
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/07/2020, 00:00

Not After

21/07/2021, 12:00

Subject

SERIALNUMBER=91441900MA4X7P7J07,CN=Guangdong Fengqi Technology Co.\, Ltd.,O=Guangdong Fengqi Technology Co.\, Ltd.,L=东莞市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e4b89ce88e9ee5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:4c:e8:19:45:9c:72:b4:5a:be:b4:a7:f2:02:41:b9:a9:a9:98:7c:01:03:68:30:df:d2:d8:23:fe:3b:34:c8
Signer

Actual PE Digest

a8:4c:e8:19:45:9c:72:b4:5a:be:b4:a7:f2:02:41:b9:a9:a9:98:7c:01:03:68:30:df:d2:d8:23:fe:3b:34:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

05:a9:18:e8:ee:5d:da:2d:1e:66:e2:6c:e9:ff:0d:75Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a8:4c:e8:19:45:9c:72:b4:5a:be:b4:a7:f2:02:41:b9:a9:a9:98:7c:01:03:68:30:df:d2:d8:23:fe:3b:34:c8Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 270KB - Virtual size: 270KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 456KB - Virtual size: 456KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

05:a9:18:e8:ee:5d:da:2d:1e:66:e2:6c:e9:ff:0d:75
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a8:4c:e8:19:45:9c:72:b4:5a:be:b4:a7:f2:02:41:b9:a9:a9:98:7c:01:03:68:30:df:d2:d8:23:fe:3b:34:c8
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 270KB - Virtual size: 270KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 456KB - Virtual size: 456KB