97e94989b92cbd657bdf3226d25c454b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

97e94989b92cbd657bdf3226d25c454b_JaffaCakes118
Size

5.0MB
MD5

97e94989b92cbd657bdf3226d25c454b
SHA1

85ee2ceae56b3b0f70f5b0ffe7eb3bf0dfe76741
SHA256

ef09063599834d42842fc90a477881b0ee347f93b43cb27bff38ff4879180410
SHA512

e293224c3d915f76041cdc08adfcb8571fd7ee54f3ceae175b5767788a9eaa28d6067f023f6e8d8189642d201a903d1635d815fae313ac71e3b6be1c8929322d
SSDEEP

98304:paAWIuWHQaNmDt0GFz57UIWdo9W8TgipJGNfS6IYe2iV7H+xoIwbunWm:phWIuyVAt0G/UPo9TwNQFVXpm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

97e94989b92cbd657bdf3226d25c454b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:a3:74:16:77:2d:2d:11:c7:f2:00:80:4e:ba:c6:67
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-08-2018 00:00

Not After

19-05-2019 23:59

Subject

SERIALNUMBER=91653100MA775K1L68,CN=Kashi Guangxun Network Technology Co.\, Ltd.,O=Kashi Guangxun Network Technology Co.\, Ltd.,L=Kashi,ST=Xinjiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13054b61736869,1.3.6.1.4.1.311.60.2.1.2=#130858696e6a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:af:d1:aa:38:c4:19:b6:d6:74:0b:58:16:17:7e:3c:6e:94:b7:df
Signer

Actual PE Digest

51:af:d1:aa:38:c4:19:b6:d6:74:0b:58:16:17:7e:3c:6e:94:b7:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

60:a3:74:16:77:2d:2d:11:c7:f2:00:80:4e:ba:c6:67Certificate

Extended Key Usages

Key Usages

51:af:d1:aa:38:c4:19:b6:d6:74:0b:58:16:17:7e:3c:6e:94:b7:dfSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.8MB

UPX1 Size: 4.9MB - Virtual size: 4.9MB

.rsrc Size: 116KB - Virtual size: 116KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 76KB - Virtual size: 152KB

.qtmetad Size: 3KB - Virtual size: 3KB

_RDATA Size: 1024B - Virtual size: 544B

.rsrc Size: 115KB - Virtual size: 114KB

.reloc Size: 241KB - Virtual size: 241KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

60:a3:74:16:77:2d:2d:11:c7:f2:00:80:4e:ba:c6:67
Certificate

51:af:d1:aa:38:c4:19:b6:d6:74:0b:58:16:17:7e:3c:6e:94:b7:df
Signer

UPX0
Size: - Virtual size: 6.8MB

UPX1
Size: 4.9MB - Virtual size: 4.9MB

.rsrc
Size: 116KB - Virtual size: 116KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 76KB - Virtual size: 152KB

.qtmetad
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 1024B - Virtual size: 544B

.rsrc
Size: 115KB - Virtual size: 114KB

.reloc
Size: 241KB - Virtual size: 241KB