3c31be859886e034737b4022b514f8e3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c31be859886e034737b4022b514f8e3_JaffaCakes118
Size

1.4MB
MD5

3c31be859886e034737b4022b514f8e3
SHA1

b373d9759566d87207c2488ed4c5a8e454ceeabf
SHA256

40c89add3404e3a391567a75ee726a17c882a825eda49c5853c6a9d76c7b9afa
SHA512

2b77e104f5f66199e72b07990a4853c6c450c34b30dbf4bb2935fa4d6802eef92038b762e5e163f63fea4c4d6e2cf572f5a0be5856a3747e6a814b769916eaf4
SSDEEP

24576:GXk1eRJid3vOpRjFetyY8uKHKyCXDtE/BLTFCM+GDdj/z1MrmdTRsY8+Kolysmx:GXd5pRYyYtwUXpE/GgZBvddsY8+KolS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

3c31be859886e034737b4022b514f8e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:16:f2:9d:cf:25:d4:db
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

12/05/2020, 17:43

Not After

21/05/2023, 19:18

Subject

CN=NEXTAR TECNOLOGIA DE SOFTWARE LTDA,O=NEXTAR TECNOLOGIA DE SOFTWARE LTDA,L=Florianopolis,ST=Santa Catarina,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:94:13:c4:18:7e:72:f0:69:a1:11:60:75:c8:27:87:f7:00:81:9b:6e:bb:35:38:0b:98:e1:b5:a9:41:af:2b
Signer

Actual PE Digest

c5:94:13:c4:18:7e:72:f0:69:a1:11:60:75:c8:27:87:f7:00:81:9b:6e:bb:35:38:0b:98:e1:b5:a9:41:af:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

f4:16:f2:9d:cf:25:d4:dbCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c5:94:13:c4:18:7e:72:f0:69:a1:11:60:75:c8:27:87:f7:00:81:9b:6e:bb:35:38:0b:98:e1:b5:a9:41:af:2bSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.6MB

UPX1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 61KB - Virtual size: 64KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.itext Size: 11KB - Virtual size: 11KB

.data Size: 52KB - Virtual size: 51KB

.bss Size: - Virtual size: 29KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 158B

.tls Size: - Virtual size: 72B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 417KB - Virtual size: 417KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

1b:e7:15
Certificate

07
Certificate

f4:16:f2:9d:cf:25:d4:db
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c5:94:13:c4:18:7e:72:f0:69:a1:11:60:75:c8:27:87:f7:00:81:9b:6e:bb:35:38:0b:98:e1:b5:a9:41:af:2b
Signer

UPX0
Size: - Virtual size: 4.6MB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 61KB - Virtual size: 64KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.itext
Size: 11KB - Virtual size: 11KB

.data
Size: 52KB - Virtual size: 51KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 158B

.tls
Size: - Virtual size: 72B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 417KB - Virtual size: 417KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB