8bb345e5f3e4f6470193dd81e144961a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8bb345e5f3e4f6470193dd81e144961a_JaffaCakes118
Size

9.9MB
MD5

8bb345e5f3e4f6470193dd81e144961a
SHA1

75491777b312d9c546d9c26c1487ef92d273929e
SHA256

8bc64da120b4b12b7df93975b060398eea93bc381c69aca56ae07da6741e1917
SHA512

378b8ccf036fec00ca63d49060bbb34a082ecc65e2afa6d42a61e9f9162eee9a12e5a93d90c6e67ffe601546261809b75703481258749eafb5db6426bb97dec6
SSDEEP

196608:/FBl6lUxMNmAsmDIOzXkFhD2q9LBXR15zSaKH2iuVPajQQpdAuRXzXPzu://UCyEgIh7yqDNzMhAyQCP5zXq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe

Files

8bb345e5f3e4f6470193dd81e144961a_JaffaCakes118
.rar
155绿色软件站.url
.url
SUPERAntiSpywarePro.exe
.exe windows:5 windows x86 arch:x86

edcf9d08ec804fa1c6cd0a0e6b6f9dfc

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:f9:7d:44:f4:ba:b2:4c:73:f8:b7:31:73:69:d7:c1
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/05/2009, 00:00

Not After

11/05/2011, 23:59

Subject

CN=SuperAdBlocker.com,OU=SECURE APPLICATION DEVELOPMENT,O=SuperAdBlocker.com,L=Eugene,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

72:1e:d2:f1:a8:b4:60:93:7a:95:62:0f:34:de:18:66:52:15:d5:6d
Signer

Actual PE Digest

72:1e:d2:f1:a8:b4:60:93:7a:95:62:0f:34:de:18:66:52:15:d5:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SUPERAdBlocker Projects\SAS Build Tools\Release\SUPERSetup.pdb

Imports

kernel32

GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesA
FlushFileBuffers
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
CreateThread
GetModuleFileNameW
GetLocalTime
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateMutexW
GlobalAlloc
GlobalFree
InterlockedIncrement
InterlockedDecrement
MulDiv
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LockFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
FreeLibrary
MultiByteToWideChar
SetEndOfFile
SetFilePointer
CreateFileA
GetFullPathNameA
GetFullPathNameW
GetTempPathW
Sleep
CreateProcessW
MoveFileExW
GetTempFileNameW
GetSystemInfo
GetVersionExW
SetFileTime
WriteFile
CreateDirectoryW
GetFileAttributesW
ReadFile
GetFileSize
CreateFileW
GetProcAddress
GetModuleHandleW
WaitForSingleObject
CloseHandle
RtlUnwind
RaiseException
GetStartupInfoW
HeapReAlloc
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualFree
VirtualAlloc
GetLastError
GetModuleHandleA

user32

DispatchMessageW
TranslateMessage
LoadAcceleratorsW
TranslateAcceleratorW
LoadIconW
LoadCursorW
GetMessageW
LoadStringW
SendDlgItemMessageW
SetDlgItemTextW
MessageBoxW
EnableWindow
ShowWindow
SetWindowTextW
MapDialogRect
SetDlgItemTextA
SetWindowPos
CreateDialogParamW
GetParent
GetWindowTextLengthW
ScreenToClient
GetSysColorBrush
GetSysColor
GetDlgItemTextW
SetClassLongW
GetWindowRect
SetWindowLongW
SetForegroundWindow
SetActiveWindow
SetFocus
CallWindowProcW
GetWindowLongW
SendMessageW
GetDlgItem
GetClientRect
CopyRect
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
CreateWindowExW
PostMessageW
DialogBoxParamW
RegisterClassExW
LoadImageW

gdi32

CreateSolidBrush
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
SetBkColor

advapi32

RegCreateKeyW
RegCreateKeyExW
DeleteService
ControlService
QueryServiceStatusEx
RegDeleteValueW
RegDeleteKeyW
StartServiceW
CreateServiceW
RegEnumKeyW
RegCloseKey
RegOpenKeyW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteA
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

OleInitialize
CoTaskMemFree
CoInitialize
OleSetContainedObject
OleCreate
CoCreateInstance

oleaut32

SysAllocString
VariantClear

shlwapi

StrStrIA
StrStrIW
SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ord17

Sections

.text
Size: 497KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_README.TXT
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

edcf9d08ec804fa1c6cd0a0e6b6f9dfc

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:f9:7d:44:f4:ba:b2:4c:73:f8:b7:31:73:69:d7:c1Certificate

Extended Key Usages

72:1e:d2:f1:a8:b4:60:93:7a:95:62:0f:34:de:18:66:52:15:d5:6dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

Sections

.text Size: 497KB - Virtual size: 496KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 588KB

UPX1 Size: 244KB - Virtual size: 244KB

.rsrc Size: 15KB - Virtual size: 16KB

0a
Certificate

47:f9:7d:44:f4:ba:b2:4c:73:f8:b7:31:73:69:d7:c1
Certificate

72:1e:d2:f1:a8:b4:60:93:7a:95:62:0f:34:de:18:66:52:15:d5:6d
Signer

.text
Size: 497KB - Virtual size: 496KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 588KB

UPX1
Size: 244KB - Virtual size: 244KB

.rsrc
Size: 15KB - Virtual size: 16KB