b93540b9c4c426d682e782ed603ba6ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b93540b9c4c426d682e782ed603ba6ff_JaffaCakes118
Size

14.2MB
MD5

b93540b9c4c426d682e782ed603ba6ff
SHA1

8f85d85578ccd29aefb4065e69ad3fd3c15bb62f
SHA256

1180240f7dbbc347c080f4d61b1e195b178b86b45f945f20613d587d3d5300ae
SHA512

fc48db58815623ecb2b8685f00ff26a230140d24bec101370aa2af7a78b9caadbcd9f8ca48094848185692deb4dfe1dbdba0c928b8ad7cb5dae20ef84cc3d670
SSDEEP

196608:1G3KJh+aH62wDStE1UyhS86hdgQvlNxC+Y4bBW5syNjLFCqgs8RZ+LyQTq8xlOdx:1ZLVQ08k7vlTvY4VW5Lvgs8WuIqqwjcA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Patch.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Patch.exe

Files

b93540b9c4c426d682e782ed603ba6ff_JaffaCakes118
.rar
155绿色软件站.url
.url
Patch.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Splash PRO 1.6.0.0.txt
Splash PRO.exe
.exe windows:4 windows x86 arch:x86

80d73aa23cdddc5bbe09e8267af96f41

Code Sign

06:cb:7d:43:d6:58:1b:21:9e:68:43:ff:27:47:05:0c
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/06/2010, 00:00

Not After

23/06/2011, 23:59

Subject

CN=Mirillis Ltd.,O=Mirillis Ltd.,L=Zielona Gora,ST=woj. Lubuskie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:71:0f:4f:8e:d3:31:f7:7d:6d:74:a0:92:2b:2f:76:71:d7:ef:17
Signer

Actual PE Digest

24:71:0f:4f:8e:d3:31:f7:7d:6d:74:a0:92:2b:2f:76:71:d7:ef:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateDirectoryW
CreateFileW
DeleteFileW
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
GetSystemTime
GetTempPathW
MoveFileExW
SetCurrentDirectoryW
SetUnhandledExceptionFilter
SystemTimeToFileTime
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_close
_iob
_lseek
_onexit
_open
_read
_setmode
_write
abort
atexit
fflush
fprintf
free
malloc
rand
signal
sprintf
srand
strcpy
strncpy
strrchr
swprintf

shell32

ShellExecuteW

user32

CreateWindowExA
DefWindowProcA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
ShowWindow

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14.1MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 4KB - Virtual size: 8KB

UPX2 Size: 4KB - Virtual size: 4KB

UPX3 Size: 38KB - Virtual size: 40KB

80d73aa23cdddc5bbe09e8267af96f41

Code Sign

06:cb:7d:43:d6:58:1b:21:9e:68:43:ff:27:47:05:0cCertificate

Extended Key Usages

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

24:71:0f:4f:8e:d3:31:f7:7d:6d:74:a0:92:2b:2f:76:71:d7:ef:17Signer

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 14.1MB - Virtual size: 14.1MB

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 9KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 66KB - Virtual size: 65KB

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 4KB - Virtual size: 8KB

UPX2
Size: 4KB - Virtual size: 4KB

UPX3
Size: 38KB - Virtual size: 40KB

06:cb:7d:43:d6:58:1b:21:9e:68:43:ff:27:47:05:0c
Certificate

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

24:71:0f:4f:8e:d3:31:f7:7d:6d:74:a0:92:2b:2f:76:71:d7:ef:17
Signer

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 14.1MB - Virtual size: 14.1MB

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 66KB - Virtual size: 65KB