bd5311a92305bb918365e0bd2c74e069_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd5311a92305bb918365e0bd2c74e069_JaffaCakes118
Size

7.2MB
MD5

bd5311a92305bb918365e0bd2c74e069
SHA1

a87403f7f751862c1f65a3f28e5f20c9fedaf868
SHA256

15f0a2072436d93da7c01b107e41fb81e52147ffdc33eb2080e28fd613a29d46
SHA512

a483b7e4b0a202c57e3c0cd78aaecc335da39841b8d5a980a6c2411d712d5e2644b046a86f6c442633f40cfcbd0890bcd7666fa5f1f0b77e2c9ba18e721037af
SSDEEP

196608:RuEfs2f9w8OwUwfCFqZmRPhtKAG2Xwp9IxocFO7WYOFF82:4EU2lw8OxEYxxDKVEnTD82

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack002/out.upx

Files

bd5311a92305bb918365e0bd2c74e069_JaffaCakes118
.rar
155绿色软件站.url
.url
digimizersetup.exe
.exe windows:4 windows x86 arch:x86

b030fd254c817e0689504dc047debd2b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/03/2008, 00:00

Not After

10/03/2011, 23:59

Subject

CN=MedCalc Software,O=MedCalc Software,POSTALCODE=9030,STREET=Broekstraat 52,L=Mariakerke,ST=OVL,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:18:bd:89:35:b3:20:e3:ec:6f:28:2f:b4:92:83:c7:46:30:2a:9a
Signer

Actual PE Digest

f0:18:bd:89:35:b3:20:e3:ec:6f:28:2f:b4:92:83:c7:46:30:2a:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetSystemTime
FindFirstFileA
FormatMessageA
ReadFile
CreateProcessA
GetExitCodeProcess
GetVersion
FindClose
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RemoveDirectoryA
OutputDebugStringA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
MultiByteToWideChar
GlobalMemoryStatus
OpenProcess
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
lstrlenW
GetShortPathNameA
CreateMutexA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
lstrlenA
GlobalAlloc
GlobalFree
GlobalUnlock
ExitProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
GlobalLock
MulDiv
GetProcessHeap
HeapFree
DebugBreak
lstrcmpA
GetStringTypeExA
FreeLibrary
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
SetEvent
CreateEventA
CreateThread
CloseHandle
TerminateThread
GetExitCodeThread
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
RaiseException
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
VirtualAlloc
GetSystemInfo
VirtualQuery
GetWindowsDirectoryA
RtlUnwind

user32

ReleaseDC
GetWindowDC
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
EnableMenuItem
ExitWindowsEx
GetDC
GetSystemMetrics
LoadIconA
GetScrollPos
GetScrollRange
DestroyMenu
ModifyMenuA
DefWindowProcA
CallWindowProcA
GetSystemMenu
SetForegroundWindow
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
EnableWindow
SetTimer
CreateDialogParamA
MsgWaitForMultipleObjects
DialogBoxParamA
GetForegroundWindow
GetActiveWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowLongA
InvalidateRect
SetWindowPos
RedrawWindow
SetFocus
MessageBeep
SendMessageA
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
LoadImageA
DispatchMessageA
TranslateMessage
PeekMessageA
MapWindowPoints
GetWindowRect
CreateWindowExA
IsWindow
GetClientRect
DestroyWindow
GetWindowLongA
EndDialog
GetWindow
SystemParametersInfoA
GetPropA
PostQuitMessage
FindWindowA
PostMessageA
CopyRect
GetParent
GetDlgItem
wvsprintfA
IsWindowVisible
GetDesktopWindow
CharNextA
UnregisterClassA
SetWindowTextA
LoadStringA
ShowWindow

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode

advapi32

LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
RegQueryInfoKeyA
RegDeleteKeyA
StartServiceA
QueryServiceStatus
OpenServiceA
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
UnlockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
LockServiceDatabase
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
OleLoadPicture

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keygen.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 816KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b030fd254c817e0689504dc047debd2b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5aCertificate

Extended Key Usages

Key Usages

f0:18:bd:89:35:b3:20:e3:ec:6f:28:2f:b4:92:83:c7:46:30:2a:9aSigner

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 71KB - Virtual size: 71KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.9MB

UPX1 Size: 816KB - Virtual size: 820KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 72KB - Virtual size: 71KB

.bss Size: - Virtual size: 29KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 1024B - Virtual size: 934B

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 179KB - Virtual size: 179KB

.rsrc Size: 384KB - Virtual size: 384KB

pebundle Size: 35KB - Virtual size: 36KB

pebundle Size: 8KB - Virtual size: 8KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

4c:88:99:9e:13:f2:86:ea:a4:52:ce:ae:5a:13:5e:5a
Certificate

f0:18:bd:89:35:b3:20:e3:ec:6f:28:2f:b4:92:83:c7:46:30:2a:9a
Signer

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 71KB - Virtual size: 71KB

UPX0
Size: - Virtual size: 1.9MB

UPX1
Size: 816KB - Virtual size: 820KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 72KB - Virtual size: 71KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 1024B - Virtual size: 934B

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 179KB - Virtual size: 179KB

.rsrc
Size: 384KB - Virtual size: 384KB

pebundle
Size: 35KB - Virtual size: 36KB

pebundle
Size: 8KB - Virtual size: 8KB