21600d309239b487b4d220764ac4d4a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21600d309239b487b4d220764ac4d4a0_JaffaCakes118
Size

1.8MB
MD5

21600d309239b487b4d220764ac4d4a0
SHA1

d97a9ae9923f31e71066244a7ce036d6bace34cd
SHA256

d14d573aceab27e2553339e5cd97eb375ce42e5fc28d2ea66ad6545fcb0146ce
SHA512

82c65f7543138a31d24ec469df0978d6a552066841b0e2254f31a6ff538b4004a9acbf141f4b5c62db83ef69e75e5acc7ca6e223a5ee68a500044f89d373d31e
SSDEEP

49152:d8WrVJ2iC1L0yPwzp1o20zlqzbkiKuVHkRit/PQJm4dedF:d8WZJNkL0y+LoP8v5ZdAiem4dedF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

21600d309239b487b4d220764ac4d4a0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/06/2019, 00:00

Not After

23/06/2020, 12:00

Subject

SERIALNUMBER=91310114MA1GT2YR45,CN=上海剑姬网络科技有限公司,O=上海剑姬网络科技有限公司,L=上海,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c06e4b88ae6b5b7,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/06/2019, 00:00

Not After

23/06/2020, 12:00

Subject

SERIALNUMBER=91310114MA1GT2YR45,CN=上海剑姬网络科技有限公司,O=上海剑姬网络科技有限公司,L=上海,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c06e4b88ae6b5b7,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b0:1c:9b:7c:b4:5d:4a:7e:fa:85:56:fb:a1:25:5e:60:ad:2e:e3:af:e1:c2:b2:d5:c6:64:a5:2d:5e:10:d2:d8
Signer

Actual PE Digest

b0:1c:9b:7c:b4:5d:4a:7e:fa:85:56:fb:a1:25:5e:60:ad:2e:e3:af:e1:c2:b2:d5:c6:64:a5:2d:5e:10:d2:d8

Digest Algorithm

sha256

PE Digest Matches

true

ca:ef:bb:ad:59:95:ab:26:71:b0:06:c2:22:f0:b1:6a:64:7f:c5:fd
Signer

Actual PE Digest

ca:ef:bb:ad:59:95:ab:26:71:b0:06:c2:22:f0:b1:6a:64:7f:c5:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 893KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b0:1c:9b:7c:b4:5d:4a:7e:fa:85:56:fb:a1:25:5e:60:ad:2e:e3:af:e1:c2:b2:d5:c6:64:a5:2d:5e:10:d2:d8Signer

ca:ef:bb:ad:59:95:ab:26:71:b0:06:c2:22:f0:b1:6a:64:7f:c5:fdSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.7MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 226KB - Virtual size: 228KB

Headers

DLL Characteristics

File Characteristics

Sections

.textbss Size: - Virtual size: 2.2MB

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 893KB - Virtual size: 893KB

.data Size: 57KB - Virtual size: 87KB

.idata Size: 15KB - Virtual size: 14KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 271KB - Virtual size: 270KB

.reloc Size: 173KB - Virtual size: 173KB

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

05:02:1b:f3:99:08:96:85:61:27:bf:af:b1:03:19:91
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b0:1c:9b:7c:b4:5d:4a:7e:fa:85:56:fb:a1:25:5e:60:ad:2e:e3:af:e1:c2:b2:d5:c6:64:a5:2d:5e:10:d2:d8
Signer

ca:ef:bb:ad:59:95:ab:26:71:b0:06:c2:22:f0:b1:6a:64:7f:c5:fd
Signer

UPX0
Size: - Virtual size: 6.7MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 226KB - Virtual size: 228KB

.textbss
Size: - Virtual size: 2.2MB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 893KB - Virtual size: 893KB

.data
Size: 57KB - Virtual size: 87KB

.idata
Size: 15KB - Virtual size: 14KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 271KB - Virtual size: 270KB

.reloc
Size: 173KB - Virtual size: 173KB