4736029d33806cf5b5452b7c324efda7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4736029d33806cf5b5452b7c324efda7_JaffaCakes118
Size

2.5MB
MD5

4736029d33806cf5b5452b7c324efda7
SHA1

993f8e2a2e60a691f5d6bae6a53a0dd8783906e9
SHA256

6742bd2b3ab8ea849666670452ad1d3d0591d9bb5b57275e578f2ce78b1ba196
SHA512

e9cb8a69c220ead725fc501255b16a4b3d340be04f12dfe7eb0c5fdff1124c52fa3bf156aa595abaa6dffe0e1184ef161973ed7526226f76e4e7c411e429e4d4
SSDEEP

49152:ire/QnBnsS64yJJJMzIpyQtR+e+qiz9Ija9Ps5dk3v0enVW5E76xun:pcbyJTaI86N+qiz88s5uW7G

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/u1603.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

4736029d33806cf5b5452b7c324efda7_JaffaCakes118
.zip
u1603.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:00:b4:8f:cb:59:38:30:69:38:b1:71:e2:79:30:5e:27
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/10/2015, 17:26

Not After

14/01/2019, 17:26

Subject

CN=Ultrareach Internet Corp.,O=Ultrareach Internet Corp.,L=Cheyenne,ST=Wyoming,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:a1:0a:72:43:2e:54:4a:fc:8c:66:7c:73:dd:c0:dc:08:0c:c7:e1
Signer

Actual PE Digest

14:a1:0a:72:43:2e:54:4a:fc:8c:66:7c:73:dd:c0:dc:08:0c:c7:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_EXECryptor_GetHardwareID@0
_EXECryptor_IsAppProtected@0

Sections

.text
Size: 896KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

11:21:00:b4:8f:cb:59:38:30:69:38:b1:71:e2:79:30:5e:27Certificate

Extended Key Usages

Key Usages

14:a1:0a:72:43:2e:54:4a:fc:8c:66:7c:73:dd:c0:dc:08:0c:c7:e1Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 896KB - Virtual size: 894KB

.rdata Size: 352KB - Virtual size: 350KB

.data Size: 352KB - Virtual size: 810KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

11:21:00:b4:8f:cb:59:38:30:69:38:b1:71:e2:79:30:5e:27
Certificate

14:a1:0a:72:43:2e:54:4a:fc:8c:66:7c:73:dd:c0:dc:08:0c:c7:e1
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 896KB - Virtual size: 894KB

.rdata
Size: 352KB - Virtual size: 350KB

.data
Size: 352KB - Virtual size: 810KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB