885c90956c47494c6e9b2cdcc84254a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

885c90956c47494c6e9b2cdcc84254a0_JaffaCakes118
Size

57KB
MD5

885c90956c47494c6e9b2cdcc84254a0
SHA1

0670565e88f4576a4243217f1540380408fa1a5f
SHA256

c0b7f8ff3ad7353ddf0e04124c9b695310759b027c7c5bb441f48e74c005e044
SHA512

412474ecfe56050fcc6232f3ffda990ae20611bba5ad5e415bc85245695b5e1b91be653d5c0c3effeb3cf473dbb70502eca92e54e5f936ca8284107079e7d87e
SSDEEP

1536:OfaeIJVJ0Y5Wu7B+ZYG4AVsQEDDh3o5o2BPjrk:OfaeeOvu+6G4AyQEt12NE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

885c90956c47494c6e9b2cdcc84254a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:05:6d:75:98:80:19:0f:0e:7d:37:9c:cb:83:f4:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/06/2013, 00:00

Not After

16/08/2016, 23:59

Subject

CN=PPStream Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PPStream Inc.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:42:33:df:5e:a3:05:36:a9:b7:f0:87:42:67:eb:1d:71:a7:f6:25
Signer

Actual PE Digest

df:42:33:df:5e:a3:05:36:a9:b7:f0:87:42:67:eb:1d:71:a7:f6:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc/0/version.txt
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/MANIFEST/1
.xml
CERTIFICATE
UPX1
[0]
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:05:6d:75:98:80:19:0f:0e:7d:37:9c:cb:83:f4:1dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

df:42:33:df:5e:a3:05:36:a9:b7:f0:87:42:67:eb:1d:71:a7:f6:25Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 17KB - Virtual size: 16KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:05:6d:75:98:80:19:0f:0e:7d:37:9c:cb:83:f4:1d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

df:42:33:df:5e:a3:05:36:a9:b7:f0:87:42:67:eb:1d:71:a7:f6:25
Signer

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 17KB - Virtual size: 16KB