8c91143d948189c78f05560347c37063_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c91143d948189c78f05560347c37063_JaffaCakes118
Size

20.2MB
MD5

8c91143d948189c78f05560347c37063
SHA1

95efd814d6752069a696fcbffbe21bb6a2dfe58a
SHA256

93f1f21d6b979d6da70aa1d39514e00a08b707604fb210b8ff55bd9dfe2a88a0
SHA512

4c8370d5c996349bfde5272b6c6e8a8322d832573a7f4520926a922e5d445f146912bc13abaea4c2643484214106b8017e02aaaf74a5129964be78e4dfdfa700
SSDEEP

393216:8B3GK8zHLoU39g+oTI7yY3kQhfMwKzXqonKJeAM7gx6I8Dnr8ZMYzPweAr2mA8yZ:deInrMKyJ1Dr8uYzuamJxwF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/MESMERiZE/keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MESMERiZE/keygen.exe
unpack002/out.upx

Files

8c91143d948189c78f05560347c37063_JaffaCakes118
.zip
155ɫվ.url
.url
MESMERiZE/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dvr-converter3.exe
.exe windows:4 windows x86 arch:x86

2a624288ec93eb71e484c6e9c32beba4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:a7:b3:29:01:25:80:c1:ef:36:50:b5:75:26:5a:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/08/2010, 00:00

Not After

01/09/2011, 23:59

Subject

CN=Engelmann Media GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Engelmann Media GmbH,L=Dortmund,ST=NRW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:5f:fe:fb:2a:61:e1:4b:64:98:04:70:da:9c:4e:9e:72:fe:9f:91
Signer

Actual PE Digest

06:5f:fe:fb:2a:61:e1:4b:64:98:04:70:da:9c:4e:9e:72:fe:9f:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Rec_Source\src\tools\release\setup.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

InitCommonControlsEx

urlmon

URLDownloadToCacheFileA

wininet

DeleteUrlCacheEntry
InternetCanonicalizeUrlA

msi

ord168

shlwapi

SHGetValueA
StrChrA
StrStrA

kernel32

GetVersionExA
SetFilePointer
IsDebuggerPresent
GetSystemTimeAsFileTime
GlobalMemoryStatus
GetSystemInfo
VirtualQuery
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GlobalAlloc
GlobalFree
CreateMutexA
GetExitCodeProcess
lstrcpynA
lstrcpyA
GetModuleFileNameA
LoadLibraryA
GetFullPathNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WriteFile
CloseHandle
GetFileAttributesA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
CopyFileA
GetLocalTime
CreateProcessA
FreeLibrary
GetEnvironmentVariableA
lstrlenA
CompareStringA
GetTempPathA
SetLastError
GlobalUnlock
GlobalLock
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedDecrement
InterlockedIncrement
GlobalGetAtomNameA
lstrcmpA
GetThreadLocale
GlobalFlags
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
ReadFile
FlushFileBuffers
SetEndOfFile
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
SetHandleCount
GetFileType
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
CreateFileA
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
GetProcAddress
GetCurrentProcess
lstrcatA
LocalFree
GetSystemDirectoryA
DeleteFileA
FormatMessageA
OutputDebugStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetConsoleCP

user32

MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongA
IsWindow
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetClientRect
PtInRect
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
GetWindowTextA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
wsprintfA
wvsprintfA
CharNextA
MsgWaitForMultipleObjects
CreateDialogParamA
SetFocus
ShowWindow
SetForegroundWindow
LoadCursorA
SetCursor
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
DialogBoxParamA
DestroyIcon
SetWindowTextA
SetDlgItemTextA
GetDlgItem
SendMessageA
MoveWindow
LoadIconA
EndDialog
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
LoadStringA
MessageBoxA
ExitWindowsEx
CharPrevA
GetAsyncKeyState
CopyRect
DefWindowProcA
CallWindowProcA
GetClassNameA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetUserNameA

shell32

ShellExecuteExA

dbghelp

MiniDumpWriteDump

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetMapMode
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RectVisible
DeleteDC
PtVisible
GetStockObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps
TextOutA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20.9MB - Virtual size: 20.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file_id.diz
mesmerize.nfo

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 288KB

UPX1 Size: 128KB - Virtual size: 132KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 87KB

.rsrc Size: 272KB - Virtual size: 270KB

2a624288ec93eb71e484c6e9c32beba4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

66:a7:b3:29:01:25:80:c1:ef:36:50:b5:75:26:5a:16Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

06:5f:fe:fb:2a:61:e1:4b:64:98:04:70:da:9c:4e:9e:72:fe:9f:91Signer

Headers

File Characteristics

PDB Paths

Imports

version

comctl32

urlmon

wininet

msi

shlwapi

kernel32

user32

advapi32

shell32

dbghelp

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 20.9MB - Virtual size: 20.9MB

UPX0
Size: - Virtual size: 288KB

UPX1
Size: 128KB - Virtual size: 132KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 87KB

.rsrc
Size: 272KB - Virtual size: 270KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

66:a7:b3:29:01:25:80:c1:ef:36:50:b5:75:26:5a:16
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

06:5f:fe:fb:2a:61:e1:4b:64:98:04:70:da:9c:4e:9e:72:fe:9f:91
Signer

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 20.9MB - Virtual size: 20.9MB