General
-
Target
a9b920791bb1cb7e54e593986fa1c143_JaffaCakes118
-
Size
66KB
-
MD5
a9b920791bb1cb7e54e593986fa1c143
-
SHA1
6c928ae5ba2e8769caa7f8fb7d9d66220e4de461
-
SHA256
06e5b30b50d225d6fe0eac6006e1a3fbdf7628ed92a781235ae6a4e66838714a
-
SHA512
9357659cbfed9aba1d866654b89779fa738ddc659d55b97b1f39dfb67743761cece717a9ec4886a3ef307ad381b347e88016fc3009dcc53e5b82b64c327d2f0e
-
SSDEEP
1536:P+ynFAaXVgjR+AePPnShWWluxTKIPniDELDCM0Am8Cr:PFTXV1AuSYWlmkem8i
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
a9b920791bb1cb7e54e593986fa1c143_JaffaCakes118.exe windows:10 windows x86 arch:x86
Code Sign
47:09:85:6b:5c:6e:8b:57:ba:82:3d:8a:16:f7:cb:f9Certificate
IssuerCN=Avast1AlabastNot Before24-02-2011 08:46Not After31-12-2039 23:59SubjectCN=Avast1Alabast38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
fa:f2:ad:b5:11:fc:74:a4:48:88:ce:7d:4d:1b:d9:eb:f0:ca:3c:2eSigner
Actual PE Digestfa:f2:ad:b5:11:fc:74:a4:48:88:ce:7d:4d:1b:d9:eb:f0:ca:3c:2eDigest Algorithmsha1PE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 72KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 60KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:10 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 94KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ