408a4015f9572341dac31a7a89fafe08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

408a4015f9572341dac31a7a89fafe08_JaffaCakes118
Size

356KB
MD5

408a4015f9572341dac31a7a89fafe08
SHA1

95b1bb1188509239bb96579a5534ac2da56d9866
SHA256

12385798c5eda98a18144ae054459fe52b1ebf4847c9cbaac1f7fbebcd264403
SHA512

14f6e4c9fd7f552a694841b3d21dad9dc0891bf1f39b186277516ee1003e491542d79f6adceb63433b05bf5d6749abd9c87bc867ab69eafa378c82b665117be5
SSDEEP

6144:9w4UHvuzExt4UhatU2E6frWq90QH3s1I6DDUOq6jZDFc0zWF1JFPWnxQ6v8+rG:+DH2zkWUizvfrWw04c1I6ZbFDpzOyx7O

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

408a4015f9572341dac31a7a89fafe08_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/02/2008, 00:00

Not After

13/03/2009, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:65:2e:ea:2e:af:53:41:57:72:fa:96:e9:7e:da:55:06:f7:ce:9d
Signer

Actual PE Digest

8a:65:2e:ea:2e:af:53:41:57:72:fa:96:e9:7e:da:55:06:f7:ce:9d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28Certificate

Extended Key Usages

Key Usages

8a:65:2e:ea:2e:af:53:41:57:72:fa:96:e9:7e:da:55:06:f7:ce:9dSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 408KB

UPX1 Size: 320KB - Virtual size: 320KB

.rsrc Size: 30KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 428KB - Virtual size: 427KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 60KB - Virtual size: 182KB

.rsrc Size: 32KB - Virtual size: 28KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

8a:65:2e:ea:2e:af:53:41:57:72:fa:96:e9:7e:da:55:06:f7:ce:9d
Signer

UPX0
Size: - Virtual size: 408KB

UPX1
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 60KB - Virtual size: 182KB

.rsrc
Size: 32KB - Virtual size: 28KB