8b14b8ffd4f4f4498e073431ce4d9019_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b14b8ffd4f4f4498e073431ce4d9019_JaffaCakes118
Size

6.5MB
MD5

8b14b8ffd4f4f4498e073431ce4d9019
SHA1

9ff2be5a43439385ea1441ba350c9b21a983e6b8
SHA256

e324340daae9cce1cd6e149ba679788b2707ab1aeac9f3f32a46e852d3c2c3b1
SHA512

802c2e8e15b08c6970ce388ba752d07de99110d17ec9af98cf05f80258c5285373e36ff56d7999919c1f324cbf3241b879e21d06b39e39fb0f84b9dda1b88fa9
SSDEEP

196608:2aAK9yv3u/0HpUTFqbybhYTp7cX10vzkJ:2aAKUmcHpDebh0p7cF0voJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack002/out.upx

Files

8b14b8ffd4f4f4498e073431ce4d9019_JaffaCakes118
.rar
155绿色软件站.url
.url
keygen.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 816KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
medcalcsetup.exe
.exe windows:4 windows x86 arch:x86

b030fd254c817e0689504dc047debd2b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/03/2008, 00:00

Not After

10/03/2011, 23:59

Subject

CN=MedCalc Software,O=MedCalc Software,POSTALCODE=9030,STREET=Broekstraat 52,L=Mariakerke,ST=OVL,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:c8:ee:d1:e6:be:f5:8a:79:55:cb:89:8f:98:f3:8e:46:77:41:79
Signer

Actual PE Digest

66:c8:ee:d1:e6:be:f5:8a:79:55:cb:89:8f:98:f3:8e:46:77:41:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetSystemTime
FindFirstFileA
FormatMessageA
ReadFile
CreateProcessA
GetExitCodeProcess
GetVersion
FindClose
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RemoveDirectoryA
OutputDebugStringA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
MultiByteToWideChar
GlobalMemoryStatus
OpenProcess
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
lstrlenW
GetShortPathNameA
CreateMutexA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
lstrlenA
GlobalAlloc
GlobalFree
GlobalUnlock
ExitProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
GlobalLock
MulDiv
GetProcessHeap
HeapFree
DebugBreak
lstrcmpA
GetStringTypeExA
FreeLibrary
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
SetEvent
CreateEventA
CreateThread
CloseHandle
TerminateThread
GetExitCodeThread
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
RaiseException
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
VirtualAlloc
GetSystemInfo
VirtualQuery
GetWindowsDirectoryA
RtlUnwind

user32

ReleaseDC
GetWindowDC
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
EnableMenuItem
ExitWindowsEx
GetDC
GetSystemMetrics
LoadIconA
GetScrollPos
GetScrollRange
DestroyMenu
ModifyMenuA
DefWindowProcA
CallWindowProcA
GetSystemMenu
SetForegroundWindow
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
EnableWindow
SetTimer
CreateDialogParamA
MsgWaitForMultipleObjects
DialogBoxParamA
GetForegroundWindow
GetActiveWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowLongA
InvalidateRect
SetWindowPos
RedrawWindow
SetFocus
MessageBeep
SendMessageA
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
LoadImageA
DispatchMessageA
TranslateMessage
PeekMessageA
MapWindowPoints
GetWindowRect
CreateWindowExA
IsWindow
GetClientRect
DestroyWindow
GetWindowLongA
EndDialog
GetWindow
SystemParametersInfoA
GetPropA
PostQuitMessage
FindWindowA
PostMessageA
CopyRect
GetParent
GetDlgItem
wvsprintfA
IsWindowVisible
GetDesktopWindow
CharNextA
UnregisterClassA
SetWindowTextA
LoadStringA
ShowWindow

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode

advapi32

LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
RegQueryInfoKeyA
RegDeleteKeyA
StartServiceA
QueryServiceStatus
OpenServiceA
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
UnlockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
LockServiceDatabase
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
OleLoadPicture

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.9MB

UPX1 Size: 816KB - Virtual size: 820KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 72KB - Virtual size: 71KB

.bss Size: - Virtual size: 29KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 1024B - Virtual size: 934B

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 179KB - Virtual size: 179KB

.rsrc Size: 384KB - Virtual size: 384KB

pebundle Size: 35KB - Virtual size: 36KB

pebundle Size: 8KB - Virtual size: 8KB

b030fd254c817e0689504dc047debd2b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5aCertificate

Extended Key Usages

Key Usages

66:c8:ee:d1:e6:be:f5:8a:79:55:cb:89:8f:98:f3:8e:46:77:41:79Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 71KB - Virtual size: 71KB

UPX0
Size: - Virtual size: 1.9MB

UPX1
Size: 816KB - Virtual size: 820KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 72KB - Virtual size: 71KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 1024B - Virtual size: 934B

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 179KB - Virtual size: 179KB

.rsrc
Size: 384KB - Virtual size: 384KB

pebundle
Size: 35KB - Virtual size: 36KB

pebundle
Size: 8KB - Virtual size: 8KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5a
Certificate

66:c8:ee:d1:e6:be:f5:8a:79:55:cb:89:8f:98:f3:8e:46:77:41:79
Signer

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 71KB - Virtual size: 71KB