38fe94e1cc5f3f3f922582bae61ead0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38fe94e1cc5f3f3f922582bae61ead0e_JaffaCakes118
Size

610KB
MD5

38fe94e1cc5f3f3f922582bae61ead0e
SHA1

ec89ec1e45232cc220578b0f0fc2825abb35854b
SHA256

6ddb3c2a8959d18e7b69b2f0cde0de0d055b72f9d5413f8cc31e24b5e6ea5d2d
SHA512

0b36b018e06be8874c2c351fea1ff3e1e151b4c89bedbb0bd84d6aa3ef5eb00b2069f1717b096d1d91ee87379d8aaedbd33dd97ccc7df60f0cd95d02b2f6cc1a
SSDEEP

6144:+dRiAmpQVCt82NbK2ACM6sJGHEiJv2g9rkPUxb2fUVIbCqEDMdkeP9Ou+SHNRmUZ:+dkAUK2ARB2v2W4Mb2fFbPlnFO4RZ9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

38fe94e1cc5f3f3f922582bae61ead0e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

09/11/2017, 17:25

Not After

09/11/2020, 17:55

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:63:e2:e2
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

10/09/2009, 21:59

Not After

10/09/2019, 22:29

Subject

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/03/2018, 00:00

Not After

05/03/2021, 12:00

Subject

SERIALNUMBER=624 255 956,CN=Tweakbit Pty Ltd,O=Tweakbit Pty Ltd,L=Sydney,ST=New South Wales,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/03/2018, 00:00

Not After

05/03/2021, 12:00

Subject

SERIALNUMBER=624 255 956,CN=Tweakbit Pty Ltd,O=Tweakbit Pty Ltd,L=Sydney,ST=New South Wales,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

29/05/2018, 18:26

Not After

29/08/2029, 18:56

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d
Signer

Actual PE Digest

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d

Digest Algorithm

sha256

PE Digest Matches

true

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05
Signer

Actual PE Digest

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 389KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40Certificate

Extended Key Usages

Key Usages

38:63:e2:e2Certificate

Key Usages

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87Certificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7dSigner

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 389KB - Virtual size: 392KB

.rsrc Size: 203KB - Virtual size: 204KB

Headers

File Characteristics

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.itext Size: 4KB - Virtual size: 4KB

.data Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 24KB

.idata Size: 7KB - Virtual size: 6KB

.didata Size: 1024B - Virtual size: 1020B

.edata Size: 512B - Virtual size: 178B

.tls Size: - Virtual size: 32B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 202KB - Virtual size: 201KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

38:63:e2:e2
Certificate

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d
Signer

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 389KB - Virtual size: 392KB

.rsrc
Size: 203KB - Virtual size: 204KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 24KB

.idata
Size: 7KB - Virtual size: 6KB

.didata
Size: 1024B - Virtual size: 1020B

.edata
Size: 512B - Virtual size: 178B

.tls
Size: - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 202KB - Virtual size: 201KB