be9b38a91c0a6a82716d6de594aa531e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be9b38a91c0a6a82716d6de594aa531e_JaffaCakes118
Size

30KB
MD5

be9b38a91c0a6a82716d6de594aa531e
SHA1

cb12b60ec7202454b0473f48e14ac3743c3b9069
SHA256

27f1fbd5b55bfb20558af7565eb36b2307b0515b56279e0b0ee40808a4a2f550
SHA512

3e7490065bcde1a47951ae854aae10d3c84aee9f8917a869ff3177165df4200ae097a1e56c06ba3d9f1f8c68f72809a71e2bc39da4386d2cf9ba334fbaf90074
SSDEEP

384:/Tp0IDg0pI68Jn1NPyh0B5VBaWRPJ6RC0SwRf6ATP1X63I/KwaFIQpK0+t8:/Vvg0N8J1NvzV5Rxh+fjTl63IC1S048

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

be9b38a91c0a6a82716d6de594aa531e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 60KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB