31d37e791cdce82e410a20d5dbb82ab1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31d37e791cdce82e410a20d5dbb82ab1_JaffaCakes118
Size

18.7MB
MD5

31d37e791cdce82e410a20d5dbb82ab1
SHA1

5325df7a7f01111b59a5cd36429c28e466c3ab3c
SHA256

485e3ef827db97123902bd4720033ddd17d58abfeb44d6dc23eeccac217ea0e4
SHA512

4d0f18a5c2646c381084da73a81454141dccff16681532717a4c31567e28fd061e57fd01fc4d031e51c03bd5c4cd9d42a98b21eefc7871d0fba0cf00ba87ba44
SSDEEP

393216:Aup1H32IvfW4QBos6d+fVWHq0ukZAFaOMIClxq7S:Aup1H3FWfBo9d+9WHi8OfClxv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack002/out.upx

Files

31d37e791cdce82e410a20d5dbb82ab1_JaffaCakes118
.zip
155ɫվ.url
.url
CORE.NFO
OODiskImage5ProfessionalEnu/OODiskImage5ProfessionalEnu.exe
.exe windows:4 windows x86 arch:x86

a634617a24446d73e561f07dfda844e5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:0e:97:72:1b:85:24:fb:0d:22:32:ff:9f:ca:b1:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2010, 00:00

Not After

15/10/2011, 23:59

Subject

CN=O and O Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=O and O Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:00:ad:2f:9d:00:f4:66:6e:01:58:5d:08:c7:0d:06:5e:e4:62:50
Signer

Actual PE Digest

09:00:ad:2f:9d:00:f4:66:6e:01:58:5d:08:c7:0d:06:5e:e4:62:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc

comctl32

ord17

kernel32

ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
LockResource
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
GlobalFree
GetTickCount
GetExitCodeThread
CreateThread
CopyFileW
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventW
lstrcatW
GetTempFileNameW
CompareStringA
CompareStringW
GetVersionExW
LoadLibraryW
FreeLibrary
GetProcAddress
GetSystemDefaultLangID
lstrcmpW
lstrcmpiW
VerLanguageNameW
MoveFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
GetSystemTimeAsFileTime
SetFileAttributesW
GetPrivateProfileStringW
CreateDirectoryW
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
IsValidLocale
GetVersion
GetModuleHandleW
GetCommandLineW
GetFileAttributesW
IsBadReadPtr
VirtualQuery
lstrcmpiA
lstrcpyA
FlushFileBuffers
SetEndOfFile
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoW
GetACP
GetTimeZoneInformation
GetTempPathW
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetUserDefaultLCID
ReadFile
GetLocaleInfoA
IsValidCodePage
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetStartupInfoW
GetModuleHandleA
RtlUnwind
CreateFileA
CreateFileMappingA
lstrcpynA
SystemTimeToFileTime
lstrcpynW
QueryPerformanceCounter
SetEvent
ResetEvent
SearchPathW
VirtualProtect
GetCurrentProcessId
FindResourceExW
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
GetLocalTime
TerminateProcess
GetProcessTimes
OpenProcess
GetCurrentDirectoryW
SetErrorMode
GetWindowsDirectoryW
lstrcpyW
GetSystemDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileW
Sleep
RemoveDirectoryW
SetFilePointer
GetProcessHeap
WriteFile
HeapAlloc
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
EnumSystemLocalesA
HeapFree
GetOEMCP
SetEnvironmentVariableA
GetTimeFormatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetDateFormatA
RaiseException
InterlockedExchange
lstrcmpA
SetStdHandle
LocalAlloc

user32

CreateDialogParamW
SetCursor
GetWindow
GetDlgItemTextW
SetFocus
EnableWindow
MessageBoxW
SetDlgItemTextW
SetForegroundWindow
GetDlgCtrlID
GetDC
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageW
SendMessageW
GetWindowRect
GetSystemMetrics
SetRect
FindWindowW
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogIndirectParamW
CharNextW
LoadImageW
GetWindowLongW
BeginPaint
EndPaint
SetWindowLongW
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
ReleaseDC
EndDialog
SetWindowTextW
GetDlgItem
ShowWindow
DialogBoxIndirectParamW
GetDesktopWindow
wsprintfW
MsgWaitForMultipleObjects
PeekMessageW
DefWindowProcW
PostMessageW
KillTimer
PostQuitMessage
SetTimer
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
MoveWindow
wvsprintfW
CharPrevW
SendDlgItemMessageW
ExitWindowsEx
CharUpperW
WaitForInputIdle
SetActiveWindow

gdi32

UnrealizeObject
SelectPalette
RealizePalette
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateFontW
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateDIBitmap
DeleteObject
GetStockObject
TranslateCharsetInfo

advapi32

RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW

ole32

CLSIDFromProgID
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoInitializeSecurity
CreateItemMoniker
GetRunningObjectTable
ProgIDFromCLSID
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

SysFreeString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SysAllocString
VariantClear
VariantChangeType
GetErrorInfo
RegisterTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo

rpcrt4

UuidToStringW
UuidCreate
UuidFromStringW
RpcStringFreeW

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file_id.diz
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a634617a24446d73e561f07dfda844e5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:0e:97:72:1b:85:24:fb:0d:22:32:ff:9f:ca:b1:1aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

09:00:ad:2f:9d:00:f4:66:6e:01:58:5d:08:c7:0d:06:5e:e4:62:50Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 465KB - Virtual size: 465KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 42KB - Virtual size: 63KB

.rsrc Size: 309KB - Virtual size: 308KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 436KB

UPX1 Size: 151KB - Virtual size: 152KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 91KB

.rsrc Size: 419KB - Virtual size: 419KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:0e:97:72:1b:85:24:fb:0d:22:32:ff:9f:ca:b1:1a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

09:00:ad:2f:9d:00:f4:66:6e:01:58:5d:08:c7:0d:06:5e:e4:62:50
Signer

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 42KB - Virtual size: 63KB

.rsrc
Size: 309KB - Virtual size: 308KB

UPX0
Size: - Virtual size: 436KB

UPX1
Size: 151KB - Virtual size: 152KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 91KB

.rsrc
Size: 419KB - Virtual size: 419KB