64c19977f2c06830fa6b2aff70aac10b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64c19977f2c06830fa6b2aff70aac10b_JaffaCakes118
Size

1023KB
MD5

64c19977f2c06830fa6b2aff70aac10b
SHA1

95b956662535b4c5ff0463182277a2debe0a0763
SHA256

11adad7ceb5cd12d765fae0da3e07b3c015ea6fa0583db7d9f6a7907ab2a9d1e
SHA512

d253482992fc43e641a86e4a5e89e8f2bb56879c7adcd0cb90562ed50b895ddea078009fc1388f1bfea133d78e7000ed38afba1f89d1ee88817fa61a2d529862
SSDEEP

24576:ZmYms3XJ4ZhKWL1hbrj3xg1AJde7dHsTKaOTw4kfmkoUVAD:ZmYmiXJAY41ydiTX54Gm/sG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

64c19977f2c06830fa6b2aff70aac10b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

04:8b:18:52:d3:6e:e8
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

20/08/2014, 09:55

Not After

05/08/2015, 08:51

Subject

CN=GIGA Digital AG,O=GIGA Digital AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

01/09/2009, 00:00

Not After

31/12/2037, 23:59

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:5c:81:cb:cf:c6:80:0b:8f:91:23:ad:ab:41:c4:62:56:ed:1b:40
Signer

Actual PE Digest

c1:5c:81:cb:cf:c6:80:0b:8f:91:23:ad:ab:41:c4:62:56:ed:1b:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 989KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:8b:18:52:d3:6e:e8Certificate

Extended Key Usages

Key Usages

Certificate

Key Usages

07Certificate

Key Usages

c1:5c:81:cb:cf:c6:80:0b:8f:91:23:ad:ab:41:c4:62:56:ed:1b:40Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 989KB - Virtual size: 992KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 483KB - Virtual size: 482KB

code Size: 340KB - Virtual size: 339KB

.data Size: 11KB - Virtual size: 11KB

data Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 122KB - Virtual size: 122KB

.bss Size: - Virtual size: 59KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 26KB - Virtual size: 26KB

04:8b:18:52:d3:6e:e8
Certificate

07
Certificate

c1:5c:81:cb:cf:c6:80:0b:8f:91:23:ad:ab:41:c4:62:56:ed:1b:40
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 989KB - Virtual size: 992KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 483KB - Virtual size: 482KB

code
Size: 340KB - Virtual size: 339KB

.data
Size: 11KB - Virtual size: 11KB

data
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 122KB - Virtual size: 122KB

.bss
Size: - Virtual size: 59KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 26KB - Virtual size: 26KB