9adca5d9c431916b564f310a3259e979_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9adca5d9c431916b564f310a3259e979_JaffaCakes118
Size

946KB
MD5

9adca5d9c431916b564f310a3259e979
SHA1

e1165325a5663d106b5b1405269ca8b8a2aa20b0
SHA256

3e96de3359959d3c75d44ddaee4bc021bab92f98c75fe9908d0975aed00d0c09
SHA512

1ada6ba3706f529242016cc75274e1b67c48663c81477576879b549dfcdff8c105f44f070bc411e15138fd284665bc6fd94a51dd4efd21f3be8f39d438cf64d0
SSDEEP

24576:8q6C8ezPL70tguYebfD6ijSMZsiN+r7DfRI4wx:NjzPL7tezjSMZVK8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

9adca5d9c431916b564f310a3259e979_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:19

Not After

06/01/2018, 03:19

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:28

Not After

06/01/2018, 03:28

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:a9:ef:e6:72:79:66:81:18:f7:0f:8c:b6:07:63:db:34:73:31:d8:c4:12:41:e5:65:0a:05:0a:0d:a0:9a:47
Signer

Actual PE Digest

94:a9:ef:e6:72:79:66:81:18:f7:0f:8c:b6:07:63:db:34:73:31:d8:c4:12:41:e5:65:0a:05:0a:0d:a0:9a:47

Digest Algorithm

sha256

PE Digest Matches

true

2b:c4:e0:34:95:36:66:5b:2c:9e:bc:cc:09:60:2a:19:3c:2e:99:03
Signer

Actual PE Digest

2b:c4:e0:34:95:36:66:5b:2c:9e:bc:cc:09:60:2a:19:3c:2e:99:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 858KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3dCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

94:a9:ef:e6:72:79:66:81:18:f7:0f:8c:b6:07:63:db:34:73:31:d8:c4:12:41:e5:65:0a:05:0a:0d:a0:9a:47Signer

2b:c4:e0:34:95:36:66:5b:2c:9e:bc:cc:09:60:2a:19:3c:2e:99:03Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 858KB - Virtual size: 860KB

.rsrc Size: 73KB - Virtual size: 76KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 382KB - Virtual size: 381KB

.data Size: 30KB - Virtual size: 60KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 130KB - Virtual size: 130KB

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

94:a9:ef:e6:72:79:66:81:18:f7:0f:8c:b6:07:63:db:34:73:31:d8:c4:12:41:e5:65:0a:05:0a:0d:a0:9a:47
Signer

2b:c4:e0:34:95:36:66:5b:2c:9e:bc:cc:09:60:2a:19:3c:2e:99:03
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 858KB - Virtual size: 860KB

.rsrc
Size: 73KB - Virtual size: 76KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 382KB - Virtual size: 381KB

.data
Size: 30KB - Virtual size: 60KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 130KB - Virtual size: 130KB