04d739b9c82b11b7e0bfd452ca8b3fdc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04d739b9c82b11b7e0bfd452ca8b3fdc_JaffaCakes118
Size

1.8MB
MD5

04d739b9c82b11b7e0bfd452ca8b3fdc
SHA1

77b3132d4b8f31c80daf62fead987a8499781882
SHA256

f7885c11381419f7de808bf882fc4c0f6d780ffc68358cf1304beda85da5ddf1
SHA512

40f58919493ce1a10bda9ca1bdfa27225bd7d91346fe626adf3eb454d7e2d07892bce8e05a84a3298004b56a378ae499fbd6197dcb583da048c238c7bf483b2c
SSDEEP

49152:ivv4kwtAmQg+mOy50bb8rkQr+fah6m+wV6R5v:OwkwtAmQg+ml5obOkQr+fg6mz0T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Perl Editor/Pleditor.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Perl Editor/Pleditor.exe

Files

04d739b9c82b11b7e0bfd452ca8b3fdc_JaffaCakes118
.rar
Perl Editor/Breakpnt.exe
.exe windows:4 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

15-05-2008 00:00

Not After

15-05-2011 23:59

Subject

CN=DzSoft Ltd,O=DzSoft Ltd,POSTALCODE=39605,STREET=Gogolya\, 12/21\, k.9,L=Kremenchuk,ST=Poltavska oblast,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:cb:40:6a:fc:90:fa:8d:97:6a:c9:49:c5:67:b0:ae:2d:da:43:44
Signer

Actual PE Digest

dd:cb:40:6a:fc:90:fa:8d:97:6a:c9:49:c5:67:b0:ae:2d:da:43:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 210KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 176KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Perl Editor/Distrib.ini
Perl Editor/Pleditor.chm
.chm
Perl Editor/Pleditor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 845KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Perl Editor/Samples/cp-hello.pl
.pl .sh linux
Perl Editor/Samples/envvars.pl
.pl .sh linux
Perl Editor/Samples/hello.pl
.pl .sh linux
Perl Editor/Samples/oldform.pl
.pl .sh linux
Perl Editor/Samples/param.pl
.pl .sh linux
Perl Editor/Samples/time.pl
.pl .sh linux
Perl Editor/Snippets.def
Perl Editor/Uploader.exe
.exe windows:4 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

15-05-2008 00:00

Not After

15-05-2011 23:59

Subject

CN=DzSoft Ltd,O=DzSoft Ltd,POSTALCODE=39605,STREET=Gogolya\, 12/21\, k.9,L=Kremenchuk,ST=Poltavska oblast,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:d9:79:2a:c0:c5:3d:e7:79:2b:ba:91:c7:a2:04:45:63:81:d2:9b
Signer

Actual PE Digest

ca:d9:79:2a:c0:c5:3d:e7:79:2b:ba:91:c7:a2:04:45:63:81:d2:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 216KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 159KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4Certificate

Extended Key Usages

Key Usages

dd:cb:40:6a:fc:90:fa:8d:97:6a:c9:49:c5:67:b0:ae:2d:da:43:44Signer

Headers

File Characteristics

Sections

Size: 210KB - Virtual size: 528KB

Size: 2KB - Virtual size: 8KB

Size: - Virtual size: 4KB

Size: 9KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 40KB

.rsrc Size: 11KB - Virtual size: 52KB

.data Size: 176KB - Virtual size: 396KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.5MB

UPX1 Size: 845KB - Virtual size: 848KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4Certificate

Extended Key Usages

Key Usages

ca:d9:79:2a:c0:c5:3d:e7:79:2b:ba:91:c7:a2:04:45:63:81:d2:9bSigner

Headers

File Characteristics

Sections

Size: 216KB - Virtual size: 552KB

Size: 8KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 8KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 44KB

.rsrc Size: 14KB - Virtual size: 48KB

.data Size: 159KB - Virtual size: 380KB

.adata Size: - Virtual size: 4KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4
Certificate

dd:cb:40:6a:fc:90:fa:8d:97:6a:c9:49:c5:67:b0:ae:2d:da:43:44
Signer

.rsrc
Size: 11KB - Virtual size: 52KB

.data
Size: 176KB - Virtual size: 396KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 3.5MB

UPX1
Size: 845KB - Virtual size: 848KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

89:75:7e:55:ba:07:f3:a4:ad:b9:da:4c:14:a3:e6:b4
Certificate

ca:d9:79:2a:c0:c5:3d:e7:79:2b:ba:91:c7:a2:04:45:63:81:d2:9b
Signer

.rsrc
Size: 14KB - Virtual size: 48KB

.data
Size: 159KB - Virtual size: 380KB

.adata
Size: - Virtual size: 4KB