6013bd2c32f0125364d9658870830b24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6013bd2c32f0125364d9658870830b24_JaffaCakes118
Size

279KB
MD5

6013bd2c32f0125364d9658870830b24
SHA1

fc5fc995e5318379c9dde05a7c474aafab16a54b
SHA256

33117d3f318014287e23b46001ea62b56279a897fdd1a0a23fb7b876f5e6f030
SHA512

4ccaa7c404dac8c90e5b4ed36d408bf1d98f9afcde4f53d558e502e7014b0690f82d216b3fabee9f24fdf5f79ad9227501b924d8a1630094920c1c026b241eb8
SSDEEP

6144:iUrBCokmN9Ccn6zanRMHMkt4YSjlFrhJdDgOWZ:ngokO9Ccn6+nmHMktAxF9Ji

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

6013bd2c32f0125364d9658870830b24_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ec:b8:eb:b3:2d:ac:9e:e0:69:88:00:55:41:05:5c:9f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/09/2009, 00:00

Not After

16/09/2012, 23:59

Subject

CN=Soft Integrator Ltd.,O=Soft Integrator Ltd.,POSTALCODE=03150,STREET=34-B Predslavinskaya,L=Kyiv,ST=Kyiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:21:15:57:d4:ce:d1:53:8f:dc:4a:b9:8b:26:b2:b7:a1:b2:85:93
Signer

Actual PE Digest

55:21:15:57:d4:ce:d1:53:8f:dc:4a:b9:8b:26:b2:b7:a1:b2:85:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Author
Converter
Error
FindDB
ManualId
ManualInfo
VersionId

Sections

UPX0
Size: - Virtual size: 508KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

ec:b8:eb:b3:2d:ac:9e:e0:69:88:00:55:41:05:5c:9fCertificate

Extended Key Usages

Key Usages

55:21:15:57:d4:ce:d1:53:8f:dc:4a:b9:8b:26:b2:b7:a1:b2:85:93Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 508KB

UPX1 Size: 269KB - Virtual size: 272KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 631KB - Virtual size: 631KB

DATA Size: 15KB - Virtual size: 14KB

BSS Size: - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 184B

.reloc Size: 36KB - Virtual size: 36KB

.rsrc Size: 33KB - Virtual size: 33KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

ec:b8:eb:b3:2d:ac:9e:e0:69:88:00:55:41:05:5c:9f
Certificate

55:21:15:57:d4:ce:d1:53:8f:dc:4a:b9:8b:26:b2:b7:a1:b2:85:93
Signer

UPX0
Size: - Virtual size: 508KB

UPX1
Size: 269KB - Virtual size: 272KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 631KB - Virtual size: 631KB

DATA
Size: 15KB - Virtual size: 14KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 184B

.reloc
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 33KB - Virtual size: 33KB