15f8dfce29af91dec638c9ff5db36163_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15f8dfce29af91dec638c9ff5db36163_JaffaCakes118
Size

411KB
MD5

15f8dfce29af91dec638c9ff5db36163
SHA1

f21a899fd4076c662aad3eff061cc7d6595b24b2
SHA256

e4e08f0ae5182dd47dac18b84f5467cdcb4018d59ad0e7d7ba6309ee663a34b5
SHA512

d2c4674fb3981e4c3f48ef5d0df60a762657369d566943ff5dd2fc3d0f3fedaa65e08fee085dcb20e8ed19627baf0f14297aab208585e3f4f82f9f2bc6d0a5be
SSDEEP

6144:Bzg9hGPXBXDp4aufkZx5/Txkis+4sukqH8x7RhtNGLM2cKhkGW9zD3oqEoxJGaad:XZXVufk1GEFqHgaw2ZkZ9n3o8xJc6q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

15f8dfce29af91dec638c9ff5db36163_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

17/11/2014, 01:23

Not After

17/11/2016, 01:23

Subject

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a2:e2:e4:77:82:6f:3a:ac:e1:f6:29:90:a0:46:a3:99:41:8f:fb
Signer

Actual PE Digest

70:a2:e2:e4:77:82:6f:3a:ac:e1:f6:29:90:a0:46:a3:99:41:8f:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4Certificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

70:a2:e2:e4:77:82:6f:3a:ac:e1:f6:29:90:a0:46:a3:99:41:8f:fbSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 784KB

UPX1 Size: 378KB - Virtual size: 380KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

CODE Size: 940KB - Virtual size: 939KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 57KB - Virtual size: 57KB

.rsrc Size: 100KB - Virtual size: 100KB

1c:07:34:9c:d8:0d:11:9a:a9:9f:d8:e1:72:28:8c:d4
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

70:a2:e2:e4:77:82:6f:3a:ac:e1:f6:29:90:a0:46:a3:99:41:8f:fb
Signer

UPX0
Size: - Virtual size: 784KB

UPX1
Size: 378KB - Virtual size: 380KB

.rsrc
Size: 27KB - Virtual size: 28KB

CODE
Size: 940KB - Virtual size: 939KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 100KB - Virtual size: 100KB