b3fcc8df81c0972a3486bbf203332b45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3fcc8df81c0972a3486bbf203332b45_JaffaCakes118
Size

54KB
MD5

b3fcc8df81c0972a3486bbf203332b45
SHA1

83ba7beedcd06be8dd21b9d8ccfd499bbbed3778
SHA256

913576b2f3b0fc52739bca94eaf082489938bad599fcd443d6c97da16468ff0e
SHA512

666ea15d775d65bb8c1b29dd58e50368aa903116ec27eb3676332d63a69da80f172e9b8c00901891df8df0a3ba62d9a235c8ad47181986c068cb0b33bec2cf8a
SSDEEP

768:6YKYTMXZ1xVmtoBT8LFj7X7oDEXXpafDqzRjGNH7SuCAwVvHb:8sMpnw8mvXMDcXsf2FIlJEv7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

b3fcc8df81c0972a3486bbf203332b45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:e3:8e:e5:36:15:0a:b9:fc:92:6d:59:09:62:7b:ab
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

27/12/2000, 00:00

Not After

19/01/2002, 23:59

Subject

CN=Global Internet Billing,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VeriSign\, Inc.,L=Internet+L=New York,ST=NY,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

f1:42:a8:a2:5b:8e:9e:32:0b:0c:e0:e6:d3:a3:f8:30:4d:6c:e1:c1
Signer

Actual PE Digest

f1:42:a8:a2:5b:8e:9e:32:0b:0c:e0:e6:d3:a3:f8:30:4d:6c:e1:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

01:e3:8e:e5:36:15:0a:b9:fc:92:6d:59:09:62:7b:abCertificate

Key Usages

f1:42:a8:a2:5b:8e:9e:32:0b:0c:e0:e6:d3:a3:f8:30:4d:6c:e1:c1Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 108KB

UPX1 Size: 40KB - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 70KB - Virtual size: 70KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

01:e3:8e:e5:36:15:0a:b9:fc:92:6d:59:09:62:7b:ab
Certificate

f1:42:a8:a2:5b:8e:9e:32:0b:0c:e0:e6:d3:a3:f8:30:4d:6c:e1:c1
Signer

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 70KB - Virtual size: 70KB