3fd8e393df8696fedb9c034cec14525f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fd8e393df8696fedb9c034cec14525f_JaffaCakes118
Size

1.0MB
MD5

3fd8e393df8696fedb9c034cec14525f
SHA1

d4ecd3772abaea7fc0703c546ed6db5a93e985d1
SHA256

567c5a17a9fca14b41198f81ff4e80cdd413b2f4fc865598bf873acc008dc637
SHA512

3c2fe717253ae3587fe849d74514ca9ac92259d5a64fb52a6ad7252bff1d66e845f5a8b49825b8e9b4fc70b3847b13803594ba379509ea287676efdc60a81de8
SSDEEP

24576:2PNoN2Or5JlT0QE9bQRbU+9uPyIOToycxvHDhMrPEDE:2lo4T92P9u5dZHDGPWE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

3fd8e393df8696fedb9c034cec14525f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:54:86:cb:cc:48:7b:90:f6:e8:ef:69:4a:a7:c3:db
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/02/2019, 00:00

Not After

26/02/2021, 23:59

Subject

CN=dtpzone,O=dtpzone,POSTALCODE=10594,STREET=B125-52\, 140\, Tongil-ro\, Deogyang-gu\,,L=Goyang-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e7:ab:1b:0c:e2:0c:da:e9:ac:1d:18:99:9c:d7:49:27:74:58:2e:7f:54:6b:de:7e:65:08:00:79:68:ed:a1:68
Signer

Actual PE Digest

e7:ab:1b:0c:e2:0c:da:e9:ac:1d:18:99:9c:d7:49:27:74:58:2e:7f:54:6b:de:7e:65:08:00:79:68:ed:a1:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01Certificate

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

50:54:86:cb:cc:48:7b:90:f6:e8:ef:69:4a:a7:c3:dbCertificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

e7:ab:1b:0c:e2:0c:da:e9:ac:1d:18:99:9c:d7:49:27:74:58:2e:7f:54:6b:de:7e:65:08:00:79:68:ed:a1:68Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 104KB

UPX1 Size: 59KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 8KB - Virtual size: 5KB

01
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

50:54:86:cb:cc:48:7b:90:f6:e8:ef:69:4a:a7:c3:db
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

e7:ab:1b:0c:e2:0c:da:e9:ac:1d:18:99:9c:d7:49:27:74:58:2e:7f:54:6b:de:7e:65:08:00:79:68:ed:a1:68
Signer

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 59KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 8KB - Virtual size: 5KB