24a57afeff4d9e1ac42a5816cafc4309_JaffaCakes118

General

Target

24a57afeff4d9e1ac42a5816cafc4309_JaffaCakes118
Size

36KB
MD5

24a57afeff4d9e1ac42a5816cafc4309
SHA1

4b11af0f6ed035b8e2e87a14c9308db776ccbfb1
SHA256

41677b4836b477de7130fb4e21f40ac0683848c59a5484b2a3ba5803803955eb
SHA512

d99028df2ef962c02e67b3e3979e78bb95c4655055131f85015ad2c2685ed1208394c0d0286f90e4d3e2a1794fe59abc21ac971b1c334074293e9de4fd32a427
SSDEEP

768:DDEIXx51xoUknCkXhcr+tqDzFNUPX25nKm1jZl:EIXxfrmVXhcrYsXUv6DL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

24a57afeff4d9e1ac42a5816cafc4309_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

1d:ca:86:7c:ff:c0:0a:b9:45:c1:15:4f:e4:6c:55:93
Certificate

Issuer

CN=LinQuan

Not Before

31/12/2008, 16:00

Not After

31/12/2014, 16:00

Subject

CN=LinQuan

Extended Key Usages

ExtKeyUsageCodeSigning

e4:28:33:76:46:7b:50:cd:7b:06:52:52:0a:7a:48:ac:66:da:de:60
Signer

Actual PE Digest

e4:28:33:76:46:7b:50:cd:7b:06:52:52:0a:7a:48:ac:66:da:de:60

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1d:ca:86:7c:ff:c0:0a:b9:45:c1:15:4f:e4:6c:55:93Certificate

Extended Key Usages

e4:28:33:76:46:7b:50:cd:7b:06:52:52:0a:7a:48:ac:66:da:de:60Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 68KB

UPX1 Size: 33KB - Virtual size: 36KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 56KB - Virtual size: 52KB

1d:ca:86:7c:ff:c0:0a:b9:45:c1:15:4f:e4:6c:55:93
Certificate

e4:28:33:76:46:7b:50:cd:7b:06:52:52:0a:7a:48:ac:66:da:de:60
Signer

UPX0
Size: - Virtual size: 68KB

UPX1
Size: 33KB - Virtual size: 36KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 56KB - Virtual size: 52KB