358890e8cd594976b8f6b6360b8abe1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

358890e8cd594976b8f6b6360b8abe1b_JaffaCakes118
Size

12.2MB
MD5

358890e8cd594976b8f6b6360b8abe1b
SHA1

76bf278b5aefd2bc67fa4b5648ccac137166cf8d
SHA256

ec1c9f15b7a57e615c2288647c90ebf93f02ff9533c162705ebc478d8ad14fea
SHA512

5761e2b7349f15435144180fe59b0b018b5c380c3997c5db2bfa0e204c192808e729f55d3c9dff119b57f47947a346193e0f3d77018ff7ff5e1dc442613323e5
SSDEEP

393216:OaVVBnKQ74ESCoolugvVHiEXDwEHemZv2Q8:tXsESfLOZiECCm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Crack/xfcp2019.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Crack/xfcp2019.exe
unpack003/out.upx

Files

358890e8cd594976b8f6b6360b8abe1b_JaffaCakes118
.rar
Corel Painter 2019 v19.1.0.487 + Crack/Crack.rar
.rar
Crack/install.txt
Crack/xfcp2019.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 250KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Corel Painter 2019 v19.1.0.487 + Crack/Downloaded from CracksMind.Com.txt
Corel Painter 2019 v19.1.0.487 + Crack/Update/Update.exe
.exe windows:5 windows x86 arch:x86

82f25fd39191fcfd9c5f45367e4c0787

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

22/05/2019, 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:7c:02:1b:99:95:a1:57:c8:67:8f:f4:cb:ac:dd:ed:c3:ab:fd:06:0f:20:f9:79:c1:ef:36:e0:3e:bc:b3:4f
Signer

Actual PE Digest

58:7c:02:1b:99:95:a1:57:c8:67:8f:f4:cb:ac:dd:ed:c3:ab:fd:06:0f:20:f9:79:c1:ef:36:e0:3e:bc:b3:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb

Imports

comctl32

ord17

kernel32

CompareStringW
CompareStringA
GetSystemDefaultLangID
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
CopyFileW
GetSystemDefaultUILanguage
GlobalAlloc
GlobalFree
MulDiv
CloseHandle
Sleep
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
lstrcpyW
lstrlenW
SetCurrentDirectoryW
DeleteFileW
IsBadReadPtr
DuplicateHandle
GetLastError
SetLastError
WaitForSingleObject
GetCurrentProcess
ExitProcess
TerminateProcess
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetSystemDirectoryW
VirtualProtectEx
WriteProcessMemory
GetPrivateProfileIntW
LoadLibraryW
lstrcatW
lstrcpynW
lstrcmpiW
LoadLibraryExW
FreeLibrary
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
CreateEventW
CreateMutexW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
SetErrorMode
FreeResource
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RaiseException
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
FindFirstFileW
FindClose
CreateDirectoryW
VerLanguageNameW
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
lstrcpyA
GetTickCount
ExitThread
CreateThread
GetExitCodeProcess
ReadFile
GetCommandLineW
RemoveDirectoryW
FormatMessageW
LocalFree
GetVersionExW
GetWindowsDirectoryW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
CreateFileW
LoadLibraryA
GetSystemDirectoryA
FindResourceW
GlobalUnlock
GlobalLock
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
MoveFileExW
EnumSystemLocalesW
GetUserDefaultLCID
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
GetStringTypeW
GetCurrentThreadId
GetCPInfo
GetOEMCP
IsValidCodePage
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FatalAppExitA
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
lstrcpynA
LocalAlloc
FindNextFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
lstrcmpW
GetShortPathNameW
GetCurrentThread
QueryPerformanceCounter
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetEnvironmentVariableW
CompareFileTime
SetFileTime
InterlockedExchange
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
LCMapStringW
GetVersion
GetCurrentProcessId
GetLocalTime
lstrlenA
GetProcessTimes
OpenProcess

user32

WaitForInputIdle
wsprintfW
CharUpperBuffW
SendMessageW
MoveWindow
DialogBoxIndirectParamW
SetDlgItemTextW
SetActiveWindow
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
LoadIconW
TranslateMessage
DispatchMessageW
PeekMessageW
EndDialog
GetDlgItem
SystemParametersInfoW
GetWindow
FillRect
GetSysColor
MapWindowPoints
RemovePropW
GetPropW
SetPropW
EndPaint
BeginPaint
EnableMenuItem
GetSystemMetrics
SetFocus
ExitWindowsEx
CharUpperW
wsprintfA
CallWindowProcW
CreateWindowExW
DrawIcon
DrawTextW
UpdateWindow
GetWindowDC
InvalidateRect
DrawFocusRect
CopyRect
InflateRect
EnumChildWindows
GetClassNameW
MapDialogRect
RegisterClassExW
GetDlgItemTextW
IntersectRect
MonitorFromPoint
DefWindowProcW
GetMessageW
LoadStringW
LoadImageW
ReleaseDC
GetDC
CreateDialogParamW
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
CreateDialogIndirectParamW
IsWindowVisible
IsDialogMessageW
FindWindowExW
ScreenToClient
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
PostMessageW

gdi32

SetTextColor
SetBkMode
SetBkColor
SaveDC
RestoreDC
CreateSolidBrush
UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
BitBlt
GetObjectW
TranslateCharsetInfo
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateDCW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
DeleteMetaFile
CreateDIBitmap
CreateBitmap
CreateRectRgn
PatBlt
PlayMetaFile
SelectClipRgn
SetMapMode
SetMetaFileBitsEx
SetPixel
StretchBlt
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutW

advapi32

RegCreateKeyExW
CryptVerifySignatureW
CryptSignHashW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptImportKey
CryptExportKey
CryptGetHashParam
CryptSetHashParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenThreadToken
RegEnumKeyW
RegCreateKeyW
RegOverridePredefKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
ProgIDFromCLSID
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
GetRunningObjectTable
CreateItemMoniker
CoLoadLibrary
CoCreateGuid
StringFromGUID2

oleaut32

SysStringByteLen
VarBstrCmp
CreateErrorInfo
SetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysReAllocStringLen
GetErrorInfo
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
VarUI4FromStr
VarBstrCat

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

gdiplus

GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc

Sections

.text
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 664KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Corel Painter 2019 v19.1.0.487 + Crack/install.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 460KB

UPX1 Size: 250KB - Virtual size: 252KB

.rsrc Size: 65KB - Virtual size: 68KB

Headers

File Characteristics

Sections

.text Size: 495KB - Virtual size: 495KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 20KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 29KB - Virtual size: 29KB

.rsrc Size: 100KB - Virtual size: 100KB

82f25fd39191fcfd9c5f45367e4c0787

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4cCertificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

58:7c:02:1b:99:95:a1:57:c8:67:8f:f4:cb:ac:dd:ed:c3:ab:fd:06:0f:20:f9:79:c1:ef:36:e0:3e:bc:b3:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

gdiplus

Sections

.text Size: 686KB - Virtual size: 685KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 664KB - Virtual size: 664KB

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 250KB - Virtual size: 252KB

.rsrc
Size: 65KB - Virtual size: 68KB

.text
Size: 495KB - Virtual size: 495KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 100KB - Virtual size: 100KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

58:7c:02:1b:99:95:a1:57:c8:67:8f:f4:cb:ac:dd:ed:c3:ab:fd:06:0f:20:f9:79:c1:ef:36:e0:3e:bc:b3:4f
Signer

.text
Size: 686KB - Virtual size: 685KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 664KB - Virtual size: 664KB