485248089771800f2eb2b55d1aa43c17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

485248089771800f2eb2b55d1aa43c17_JaffaCakes118
Size

44KB
MD5

485248089771800f2eb2b55d1aa43c17
SHA1

5af2f8982bdb3b0a2e52e2e32747be3120af8e7a
SHA256

a3fe304818b7e55b7d179f4411f0908a76dddee97de50be81a4691ee09bda2d0
SHA512

48cc79c6eac51979575c3a2b0b568f06d0b4f08fb1316f1ca51437c3c90a7bd501848de02fcc3da88c99aeead1cb5a82d063d3b044e5d73d31d0e331fc41d65c
SSDEEP

768:sa6hMU/JFGOv5CRoXkb/MJ+Bdz7lyMYgH78XpqD7AWLjb06vP:slJF+RoXkbUqXQMXbfD7AWb3vP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

485248089771800f2eb2b55d1aa43c17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:c8:08:71:a6:6f:e6:b0:7d:8c:fc:a5:af:93:01:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/02/2008, 00:00

Not After

17/02/2009, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:0b:4e:88:be:d3:6f:7c:c6:23:6f:b6:73:ea:6d:36:7f:62:6d:6d
Signer

Actual PE Digest

64:0b:4e:88:be:d3:6f:7c:c6:23:6f:b6:73:ea:6d:36:7f:62:6d:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CShockwaveFlashWnd@@QAE@XZ
??1CShockwaveFlashWnd@@UAE@XZ
??_7CShockwaveFlashWnd@@6B@
?Back@CShockwaveFlashWnd@@QAEXXZ
?Create@CShockwaveFlashWnd@@QAEHPBDKABUtagRECT@@PAVCWnd@@IPAVCFile@@HPAG@Z
?Create@CShockwaveFlashWnd@@UAEHPBD0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
?CreateObject@CShockwaveFlashWnd@@SGPAVCObject@@XZ
?CurrentFrame@CShockwaveFlashWnd@@QAEJXZ
?FlashVersion@CShockwaveFlashWnd@@QAEJXZ
?Forward@CShockwaveFlashWnd@@QAEXXZ
?FrameLoaded@CShockwaveFlashWnd@@QAEHJ@Z
?GetAlignMode@CShockwaveFlashWnd@@QAEJXZ
?GetAllowScriptAccess@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetBGColor@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetBackgroundColor@CShockwaveFlashWnd@@QAEJXZ
?GetBase@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetClsid@CShockwaveFlashWnd@@QAEABU_GUID@@XZ
?GetDeviceFont@CShockwaveFlashWnd@@QAEHXZ
?GetEmbedMovie@CShockwaveFlashWnd@@QAEHXZ
?GetFlashVars@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetFrameNum@CShockwaveFlashWnd@@QAEJXZ
?GetLoop@CShockwaveFlashWnd@@QAEHXZ
?GetMenu@CShockwaveFlashWnd@@QAEHXZ
?GetMovie@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetMovieData@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetPlaying@CShockwaveFlashWnd@@QAEHXZ
?GetQuality2@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetQuality@CShockwaveFlashWnd@@QAEJXZ
?GetReadyState@CShockwaveFlashWnd@@QAEJXZ
?GetRuntimeClass@CShockwaveFlashWnd@@UBEPAUCRuntimeClass@@XZ
?GetSAlign@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetSWRemote@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetScale@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GetScaleMode@CShockwaveFlashWnd@@QAEJXZ
?GetTotalFrames@CShockwaveFlashWnd@@QAEJXZ
?GetVariable@CShockwaveFlashWnd@@QAE?AVCString@@PBD@Z
?GetWMode@CShockwaveFlashWnd@@QAE?AVCString@@XZ
?GotoFrame@CShockwaveFlashWnd@@QAEXJ@Z
?IsPlaying@CShockwaveFlashWnd@@QAEHXZ
?LoadMovie@CShockwaveFlashWnd@@QAEXJPBD@Z
?Pan@CShockwaveFlashWnd@@QAEXJJJ@Z
?PercentLoaded@CShockwaveFlashWnd@@QAEJXZ
?Play@CShockwaveFlashWnd@@QAEXXZ
?Rewind@CShockwaveFlashWnd@@QAEXXZ
?SetAlignMode@CShockwaveFlashWnd@@QAEXJ@Z
?SetAllowScriptAccess@CShockwaveFlashWnd@@QAEXPBD@Z
?SetBGColor@CShockwaveFlashWnd@@QAEXPBD@Z
?SetBackgroundColor@CShockwaveFlashWnd@@QAEXJ@Z
?SetBase@CShockwaveFlashWnd@@QAEXPBD@Z
?SetDeviceFont@CShockwaveFlashWnd@@QAEXH@Z
?SetEmbedMovie@CShockwaveFlashWnd@@QAEXH@Z
?SetFlashVars@CShockwaveFlashWnd@@QAEXPBD@Z
?SetFrameNum@CShockwaveFlashWnd@@QAEXJ@Z
?SetLoop@CShockwaveFlashWnd@@QAEXH@Z
?SetMenu@CShockwaveFlashWnd@@QAEXH@Z
?SetMovie@CShockwaveFlashWnd@@QAEXPBD@Z
?SetMovieData@CShockwaveFlashWnd@@QAEXPBD@Z
?SetPlaying@CShockwaveFlashWnd@@QAEXH@Z
?SetQuality2@CShockwaveFlashWnd@@QAEXPBD@Z
?SetQuality@CShockwaveFlashWnd@@QAEXJ@Z
?SetSAlign@CShockwaveFlashWnd@@QAEXPBD@Z
?SetSWRemote@CShockwaveFlashWnd@@QAEXPBD@Z
?SetScale@CShockwaveFlashWnd@@QAEXPBD@Z
?SetScaleMode@CShockwaveFlashWnd@@QAEXJ@Z
?SetVariable@CShockwaveFlashWnd@@QAEXPBD0@Z
?SetWMode@CShockwaveFlashWnd@@QAEXPBD@Z
?SetZoomRect@CShockwaveFlashWnd@@QAEXJJJJ@Z
?Stop@CShockwaveFlashWnd@@QAEXXZ
?StopPlay@CShockwaveFlashWnd@@QAEXXZ
?TCallFrame@CShockwaveFlashWnd@@QAEXPBDJ@Z
?TCallLabel@CShockwaveFlashWnd@@QAEXPBD0@Z
?TCurrentFrame@CShockwaveFlashWnd@@QAEJPBD@Z
?TCurrentLabel@CShockwaveFlashWnd@@QAE?AVCString@@PBD@Z
?TGetProperty@CShockwaveFlashWnd@@QAE?AVCString@@PBDJ@Z
?TGetPropertyAsNumber@CShockwaveFlashWnd@@QAENPBDJ@Z
?TGetPropertyNum@CShockwaveFlashWnd@@QAENPBDJ@Z
?TGotoFrame@CShockwaveFlashWnd@@QAEXPBDJ@Z
?TGotoLabel@CShockwaveFlashWnd@@QAEXPBD0@Z
?TPlay@CShockwaveFlashWnd@@QAEXPBD@Z
?TSetProperty@CShockwaveFlashWnd@@QAEXPBDJ0@Z
?TSetPropertyNum@CShockwaveFlashWnd@@QAEXPBDJN@Z
?TStopPlay@CShockwaveFlashWnd@@QAEXPBD@Z
?Zoom@CShockwaveFlashWnd@@QAEXJ@Z
?_GetBaseClass@CShockwaveFlashWnd@@KGPAUCRuntimeClass@@XZ
?classCShockwaveFlashWnd@CShockwaveFlashWnd@@2UCRuntimeClass@@B
?clsid@?1??GetClsid@CShockwaveFlashWnd@@QAEABU_GUID@@XZ@4U3@B

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7f:c8:08:71:a6:6f:e6:b0:7d:8c:fc:a5:af:93:01:4dCertificate

Extended Key Usages

Key Usages

64:0b:4e:88:be:d3:6f:7c:c6:23:6f:b6:73:ea:6d:36:7f:62:6d:6dSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 6KB - Virtual size: 8KB

.rsrc Size: 31KB - Virtual size: 32KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 520B

.rsrc Size: 32KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7f:c8:08:71:a6:6f:e6:b0:7d:8c:fc:a5:af:93:01:4d
Certificate

64:0b:4e:88:be:d3:6f:7c:c6:23:6f:b6:73:ea:6d:36:7f:62:6d:6d
Signer

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 31KB - Virtual size: 32KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 520B

.rsrc
Size: 32KB - Virtual size: 31KB