5ccc11676f53eac2067323e19d84c0e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ccc11676f53eac2067323e19d84c0e2_JaffaCakes118
Size

53KB
MD5

5ccc11676f53eac2067323e19d84c0e2
SHA1

4f06757834bde6f9060d88672cf82fba6cfbf6c8
SHA256

6c992af7f0b859ad89ab80d2b26f4cf61f666f58c1f285e8ef9825566880edc9
SHA512

aa3cc48099447a1ade78a0f592eefd662a4766fd1aa5fa0b4229571dca0cac827c1fda63b64f6216f8d90fcbe8f7e9db7922aa5f80acf2cbedcea4f0489684b5
SSDEEP

1536:pkLOf3Fi+XG4i8uiL2A7iGinYUUo6t4DudNiB:KS9Ujo2A7iGinooRDOy

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

5ccc11676f53eac2067323e19d84c0e2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:9a:73:c1:86:4a:e2:7d:7d:9c:dc:f7:05:58:88:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/09/2008, 00:00

Not After

17/10/2010, 23:59

Subject

CN=LAVALYS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Licensing Department,O=LAVALYS,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:11:77:16:cc:16:70:01:a1:2f:8b:11:6d:bb:d1:d7:ac:c4:3d:5b
Signer

Actual PE Digest

a6:11:77:16:cc:16:70:01:a1:2f:8b:11:6d:bb:d1:d7:ac:c4:3d:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ChuLKUnzipAllFolder
ChuLKUnzipSingleFile
ChuLKZipFolderRecursive
ChuLKZipMultipleFiles
ChuLKZipSingleFile
FolderProperties
MultipleFilesProperties

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

73:9a:73:c1:86:4a:e2:7d:7d:9c:dc:f7:05:58:88:e4Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

a6:11:77:16:cc:16:70:01:a1:2f:8b:11:6d:bb:d1:d7:ac:c4:3d:5bSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 45KB - Virtual size: 48KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

73:9a:73:c1:86:4a:e2:7d:7d:9c:dc:f7:05:58:88:e4
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a6:11:77:16:cc:16:70:01:a1:2f:8b:11:6d:bb:d1:d7:ac:c4:3d:5b
Signer

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 45KB - Virtual size: 48KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 4KB