b32b6abdf25ccffa96ba750cbf6c4f35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b32b6abdf25ccffa96ba750cbf6c4f35_JaffaCakes118
Size

1.0MB
MD5

b32b6abdf25ccffa96ba750cbf6c4f35
SHA1

0917f39a6b5da19013ac1e15d7bdece88519a062
SHA256

b1d61e7d16bb11daf7f45c335aa0c2f02fba2dc616eef0a6a439f26f7d15e748
SHA512

6f106eda304f8716d6ab4b889aaec26ef23b22b3fcb520e1584fe8f667ace5a3f6036631897d8b3897269dedba7d294ead15e1dae9a0b1aa6e2f627652590a2f
SSDEEP

24576:Nt2ixvr87bGSHfG6j7UNCqffcE06uKw6aBlmGru/npjwa:f2XbCY7UNBcE06uK3aTmGrSjx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/KG.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/KG.exe
unpack003/out.upx

Files

b32b6abdf25ccffa96ba750cbf6c4f35_JaffaCakes118
.rar
FileScavenger/32fsu43.exe
.exe windows:4 windows x86 arch:x86

444ee06ff5eac15eb3f6dab4d403454d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/08/2014, 00:00

Not After

04/11/2015, 23:59

Subject

CN=QueTek Consulting Corporation,OU=SALES,O=QueTek Consulting Corporation,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:0f:88:06:73:06:4c:18:fb:f2:77:10:ee:3d:9d:fc:f3:10:ca:fd
Signer

Actual PE Digest

d1:0f:88:06:73:06:4c:18:fb:f2:77:10:ee:3d:9d:fc:f3:10:ca:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

kernel32

WritePrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetShortPathNameW
FindResourceExW
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
HeapReAlloc
RaiseException
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetConsoleCP
GetConsoleMode
FindFirstFileA
ExitThread
CreateThread
ExitProcess
HeapSize
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetCurrentDirectoryA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
lstrlenA
GlobalGetAtomNameW
GetFullPathNameW
GetFileTime
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
LocalFree
lstrlenW
MulDiv
FreeResource
LoadLibraryA
GetVersionExW
GetCurrentProcess
GetLocaleInfoW
GetTempPathW
GetFileAttributesW
ResetEvent
SetEndOfFile
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetLocalTime
GetPrivateProfileStringA
ExpandEnvironmentStringsW
CreateDirectoryW
MoveFileW
lstrcpyW
FormatMessageW
lstrcpynW
WideCharToMultiByte
DeleteFileW
RemoveDirectoryW
Sleep
GetTempFileNameW
GetCurrentProcessId
CreateProcessW
SetFileTime
GetDriveTypeW
SetCurrentDirectoryW
GetModuleFileNameW
GetLogicalDriveStringsA
GetDiskFreeSpaceExW
GetVolumeInformationW
OpenProcess
MoveFileExW
MultiByteToWideChar
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
QueryPerformanceCounter
GetTickCount
GetDriveTypeA
CreateFileA
GetSystemTime
SystemTimeToFileTime
SetEvent
GetDiskFreeSpaceW
SetFilePointer
QueryDosDeviceA
GetWindowsDirectoryW
ReadFile
GetFileSize
FindClose
WaitForSingleObject
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
QueryPerformanceFrequency
DeviceIoControl
CreateFileW
WriteFile
CloseHandle
FreeLibrary
VirtualAlloc
VirtualFree
FindFirstFileW
FindNextFileW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetEnvironmentStrings

user32

CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
PostThreadMessageW
FindWindowW
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
ShowOwnedPopups
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
DestroyMenu
GetWindowDC
GetWindowThreadProcessId
SetMenuItemBitmaps
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CharUpperW
GetScrollPos
SetScrollPos
GetWindow
GetMenuStringW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetClassInfoW
DefWindowProcW
EmptyClipboard
CloseClipboard
OpenClipboard
GetMenuCheckMarkDimensions
SetMenu
GetMenuState
GetMenuItemID
AppendMenuW
CreateMenu
SetMenuItemInfoW
SystemParametersInfoW
IsZoomed
IsIconic
DrawEdge
GetSysColorBrush
GetComboBoxInfo
WindowFromPoint
FrameRect
FillRect
DrawFrameControl
InflateRect
DrawStateW
GetCursorPos
DestroyIcon
GrayStringW
DrawTextExW
TabbedTextOutW
GetCapture
IsWindowVisible
GetMenu
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
MessageBoxW
CreateWindowExW
DestroyWindow
GetMessagePos
MoveWindow
SetWindowTextW
SetFocus
GetKeyState
GetDoubleClickTime
ShowWindow
KillTimer
InvalidateRect
GetScrollInfo
RedrawWindow
GetUpdateRect
BeginPaint
DrawFocusRect
DrawTextW
EndPaint
SetScrollInfo
ScrollWindow
UpdateWindow
UnregisterClassW
WaitMessage
SetRect
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
GetDlgCtrlID
SetWindowLongW
CallWindowProcW
GetWindowTextW
SetWindowPos
GetDC
ReleaseDC
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
SetWindowRgn
GetWindowTextLengthW
IsRectEmpty
GetWindowLongW
CopyRect
OemToCharBuffW
OffsetRect
SetTimer
PostMessageW
GetSysColor
SetCursor
ReleaseCapture
LoadCursorW
SetCapture
ScreenToClient
ClientToScreen
GetParent
GetDlgItem
CharToOemW
LoadIconW
DrawIcon
OemToCharW
GetDesktopWindow
LoadImageW
PtInRect
GetSystemMetrics
GetFocus
GetClientRect
GetWindowRect
LoadMenuW
ModifyMenuW
GetSubMenu
LoadBitmapW
EnableWindow
SendMessageW
SetClipboardData
UnregisterClassA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SaveDC
ExtSelectClipRgn
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
Ellipse
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetTextColor
GetRgnBox
PatBlt
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
GetPixel
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
CreateFontIndirectW
CombineRgn
GetTextExtentPoint32W
RoundRect
CreateBitmap
CreateFontW
Escape
TextOutW
RectVisible
PtVisible
GetStockObject
SetBrushOrgEx
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
DeleteDC
SetBkMode
SetBkColor
ExtTextOutW
SetTextColor
GetBkColor
CreateSolidBrush
CreatePen
Rectangle
MoveToEx
LineTo
LineDDA
GetTextExtentPointW
DeleteObject
SetPixelV
SelectObject
GetTextMetricsW
StretchBlt
CreateCompatibleDC
GetObjectW
RestoreDC

comdlg32

CommDlgExtendedError
GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegDeleteKeyW
RegCloseKey
RegSetValueExA
RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExA
RegSetKeySecurity
RegOpenKeyA
RegOpenKeyExA
RegGetKeySecurity

shell32

ExtractIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHGetMalloc
DragQueryFileW
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_Create
ord17
ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

ws2_32

connect
WSAStartup
socket
closesocket
WSACleanup
htons
gethostbyname
recv
WSAGetLastError
send
select

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileScavenger/KG.rar
.rar
KG.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 826KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileScavenger/Readme.txt
FileScavenger/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

444ee06ff5eac15eb3f6dab4d403454d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95Certificate

Extended Key Usages

Key Usages

d1:0f:88:06:73:06:4c:18:fb:f2:77:10:ee:3d:9d:fc:f3:10:ca:fdSigner

Headers

File Characteristics

Imports

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 268KB - Virtual size: 267KB

.data Size: 36KB - Virtual size: 131KB

.rsrc Size: 708KB - Virtual size: 707KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.textbss Size: - Virtual size: 188KB

.text Size: 386KB - Virtual size: 386KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 73KB - Virtual size: 233KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 826KB - Virtual size: 825KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:d0:c2:eb:67:dd:04:24:0d:f6:d1:dc:65:f9:10:95
Certificate

d1:0f:88:06:73:06:4c:18:fb:f2:77:10:ee:3d:9d:fc:f3:10:ca:fd
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 268KB - Virtual size: 267KB

.data
Size: 36KB - Virtual size: 131KB

.rsrc
Size: 708KB - Virtual size: 707KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 2KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 188KB

.text
Size: 386KB - Virtual size: 386KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 73KB - Virtual size: 233KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 826KB - Virtual size: 825KB