77af2858babb533403f18d4026f1b7f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77af2858babb533403f18d4026f1b7f8_JaffaCakes118
Size

1.8MB
MD5

77af2858babb533403f18d4026f1b7f8
SHA1

a54fea169842e65f49221e924bf87a0d7639efc0
SHA256

6fce4bf28469151a2f54d231dfb9fa00f218753cf8cca822d528f8ddb230fac0
SHA512

e2c4e392501e7a14130f8e09f0167eb3d316ee8b6a3f35f6d1ae7885922b95bee1f90b7e0aebe2a6fd69a62eac6031d53a638f3bbc18161f875fe7e3f3f9bf3d
SSDEEP

24576:qzb9KIELPjpN7snCN2rLwpvNIDmfQ+cCXyXXZJVo43ohgo/GKRWielTUwr3+vI4P:qv0IEfpKnCUcDIifQ+c9Fo43kBrWiCBA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/jpdesk/jpborder.exe	upx
static1/unpack001/jpdesk/jpdesk.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx

Files

77af2858babb533403f18d4026f1b7f8_JaffaCakes118
.rar
jpdesk/Background/炭黑/background.ini
jpdesk/Background/炭黑/bg.png
.png
jpdesk/Background/炭黑/separator.png
.png
jpdesk/Background/荧幕/background.ini
jpdesk/Background/荧幕/bg.png
.png
jpdesk/Background/荧幕/separator.png
.png
jpdesk/Background/蓝绿/background.ini
jpdesk/Background/蓝绿/background_bottom.png
.png
jpdesk/Background/蓝绿/separator bottom.png
.png
jpdesk/Background/透明/background.ini
jpdesk/Background/透明/background_Horz.png
.png
jpdesk/Background/透明/separator_Vert.png
.png
jpdesk/Background/金属/background.ini
jpdesk/Background/金属/background_bottom.png
.png
jpdesk/Background/金属/separator bottom.png
.png
jpdesk/Default.png
.png
jpdesk/PicLib/System/Almanac.png
.png
jpdesk/PicLib/System/DesktopBG.jpg
.jpg
jpdesk/PicLib/System/DesktopBg1.jpg
.jpg
jpdesk/PicLib/System/Lock.png
.png
jpdesk/PicLib/System/MyComputer.png
.png
jpdesk/PicLib/System/MyDocument.png
.png
jpdesk/PicLib/System/NetWork.png
.png
jpdesk/PicLib/System/QQ.png
.png
jpdesk/PicLib/System/Recycle_Full.png
.png
jpdesk/PicLib/System/Recycle_empty.png
.png
jpdesk/PicLib/System/SearchPage.png
.png
jpdesk/PicLib/System/TrainTick.png
.png
jpdesk/PicLib/System/Weather.png
.png
jpdesk/PicLib/System/folder.png
.png
jpdesk/PicLib/System/iexplore.png
.png
jpdesk/PicLib/System/jpgames.png
.png
jpdesk/PicLib/System/msnmsgr.png
.png
jpdesk/PicLib/System/taobao.png
.png
jpdesk/PicLib/System/tuangou.png
.png
jpdesk/PicLib/System/wmplayer.png
.png
jpdesk/jpborder.exe
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/12/2008, 00:00

Not After

24/12/2011, 23:59

Subject

CN=Beijing Gigabit Times Technology Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Gigabit Times Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:b2:8d:2d:62:00:40:eb:6f:32:f4:3a:aa:f9:52:a8:3e:a3:02:61
Signer

Actual PE Digest

9c:b2:8d:2d:62:00:40:eb:6f:32:f4:3a:aa:f9:52:a8:3e:a3:02:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 610KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
jpdesk/jpdesk.exe
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/12/2008, 00:00

Not After

24/12/2011, 23:59

Subject

CN=Beijing Gigabit Times Technology Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Gigabit Times Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:3d:74:c4:ec:f9:99:3e:92:27:b6:2f:a7:97:63:00:85:24:6a:7a
Signer

Actual PE Digest

ba:3d:74:c4:ec:f9:99:3e:92:27:b6:2f:a7:97:63:00:85:24:6a:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 796KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
jpdesk/poof.png
.png
jpdesk/updateinfo.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9Certificate

Extended Key Usages

Key Usages

9c:b2:8d:2d:62:00:40:eb:6f:32:f4:3a:aa:f9:52:a8:3e:a3:02:61Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 610KB - Virtual size: 612KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 23KB

.idata Size: 14KB - Virtual size: 13KB

.didata Size: 1024B - Virtual size: 806B

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 98KB - Virtual size: 97KB

.rsrc Size: 712KB - Virtual size: 712KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9Certificate

Extended Key Usages

Key Usages

ba:3d:74:c4:ec:f9:99:3e:92:27:b6:2f:a7:97:63:00:85:24:6a:7aSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 796KB - Virtual size: 800KB

.rsrc Size: 89KB - Virtual size: 92KB

Headers

File Characteristics

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.itext Size: 5KB - Virtual size: 4KB

.data Size: 32KB - Virtual size: 31KB

.bss Size: - Virtual size: 25KB

.idata Size: 15KB - Virtual size: 15KB

.didata Size: 1024B - Virtual size: 934B

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 122KB - Virtual size: 121KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9
Certificate

9c:b2:8d:2d:62:00:40:eb:6f:32:f4:3a:aa:f9:52:a8:3e:a3:02:61
Signer

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 610KB - Virtual size: 612KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 14KB - Virtual size: 13KB

.didata
Size: 1024B - Virtual size: 806B

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 98KB - Virtual size: 97KB

.rsrc
Size: 712KB - Virtual size: 712KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:a6:47:59:f1:27:66:e3:63:d7:79:99:8c:71:bd:c9
Certificate

ba:3d:74:c4:ec:f9:99:3e:92:27:b6:2f:a7:97:63:00:85:24:6a:7a
Signer

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 796KB - Virtual size: 800KB

.rsrc
Size: 89KB - Virtual size: 92KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 32KB - Virtual size: 31KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 15KB - Virtual size: 15KB

.didata
Size: 1024B - Virtual size: 934B

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 122KB - Virtual size: 121KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB