640be041471e39f1c3cb3fb05a63cba8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

640be041471e39f1c3cb3fb05a63cba8_JaffaCakes118
Size

610KB
MD5

640be041471e39f1c3cb3fb05a63cba8
SHA1

9ff0f546809dcca70e077de6f2aece40daf80414
SHA256

716b25f98bfc87ed9d88dc9be0d8a451acebe9605055cde96028600ab21137e8
SHA512

aca951acc7c4add02fbb46dee302a2518991b8e577ae80d239491ba4819aec2552a2cb74de2da9c428d101e580ca743b18bb85e3dd73c321edaba390c53f4c23
SSDEEP

6144:+dRiAmpQVCt82NbK2ACM6sJGHEiJv2g9rkPUxb2fUVIbCqEDMdkeP9Ou+SHNRmUZ:+dkAUK2ARB2v2W4Mb2fFbPlnFO4RZ9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

640be041471e39f1c3cb3fb05a63cba8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

09/11/2017, 17:25

Not After

09/11/2020, 17:55

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:63:e2:e2
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

10/09/2009, 21:59

Not After

10/09/2019, 22:29

Subject

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/03/2018, 00:00

Not After

05/03/2021, 12:00

Subject

SERIALNUMBER=624 255 956,CN=Tweakbit Pty Ltd,O=Tweakbit Pty Ltd,L=Sydney,ST=New South Wales,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/03/2018, 00:00

Not After

05/03/2021, 12:00

Subject

SERIALNUMBER=624 255 956,CN=Tweakbit Pty Ltd,O=Tweakbit Pty Ltd,L=Sydney,ST=New South Wales,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

29/05/2018, 18:26

Not After

29/08/2029, 18:56

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d
Signer

Actual PE Digest

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d

Digest Algorithm

sha256

PE Digest Matches

true

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05
Signer

Actual PE Digest

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 389KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40Certificate

Extended Key Usages

Key Usages

38:63:e2:e2Certificate

Key Usages

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87Certificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7dSigner

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 389KB - Virtual size: 392KB

.rsrc Size: 203KB - Virtual size: 204KB

Headers

File Characteristics

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.itext Size: 4KB - Virtual size: 4KB

.data Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 24KB

.idata Size: 7KB - Virtual size: 6KB

.didata Size: 1024B - Virtual size: 1020B

.edata Size: 512B - Virtual size: 178B

.tls Size: - Virtual size: 32B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 202KB - Virtual size: 201KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

4f:a9:e1:0b:71:8b:16:75:00:00:00:00:4c:18:16:40
Certificate

38:63:e2:e2
Certificate

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0d:5d:8b:b9:e5:71:c9:3c:89:07:73:5d:5d:1c:f1:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

84:33:7b:a2:89:b7:8c:ba:00:00:00:00:55:91:da:87
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

bd:80:1c:d8:5b:13:5d:ab:64:cd:57:80:55:17:23:99:1b:71:c3:c9:94:07:41:d0:4b:c4:97:5d:8d:e5:1a:7d
Signer

cb:5b:7e:da:57:b2:52:a4:92:35:30:fe:b1:d7:8b:f6:d8:b6:b5:05
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 389KB - Virtual size: 392KB

.rsrc
Size: 203KB - Virtual size: 204KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 24KB

.idata
Size: 7KB - Virtual size: 6KB

.didata
Size: 1024B - Virtual size: 1020B

.edata
Size: 512B - Virtual size: 178B

.tls
Size: - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 202KB - Virtual size: 201KB