d053c49fe4b6cc1435386eb314ed9d52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d053c49fe4b6cc1435386eb314ed9d52_JaffaCakes118
Size

435KB
MD5

d053c49fe4b6cc1435386eb314ed9d52
SHA1

00a77a7d9498b62f1e61d2455813f412539f49b9
SHA256

596da779000e005fe6983392d29d4695b0dd671829c83cfa19002af5f04fd259
SHA512

43cb57157640d11bd56b7d465caa2026c89d4e58c49722360fe02f45f0783bcffa9607ee491de56e91b6888774200703da1771057c354ee845ff877bd293eff2
SSDEEP

6144:Cbx5LQVmE3w7MlLUU3SIZMo9O0cfw7dfT20BaFtd68AqgaEDB5s0k4L4mdb:gnQVmFglLmMJ9dcfwB7HBgSqUB+Etdb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

d053c49fe4b6cc1435386eb314ed9d52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

647b2d25b4821905b4195ff7a6455b54

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:45:57:51:ce:d8:e6:59:3d:20:ee:35:df:ac:26:8b:71:e3:ef:14
Signer

Actual PE Digest

3d:45:57:51:ce:d8:e6:59:3d:20:ee:35:df:ac:26:8b:71:e3:ef:14

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

UPX0
Size: 512B - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 422KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

647b2d25b4821905b4195ff7a6455b54

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

3d:45:57:51:ce:d8:e6:59:3d:20:ee:35:df:ac:26:8b:71:e3:ef:14Signer

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: 512B - Virtual size: 832KB

UPX1 Size: 422KB - Virtual size: 424KB

.rsrc Size: 3KB - Virtual size: 4KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

3d:45:57:51:ce:d8:e6:59:3d:20:ee:35:df:ac:26:8b:71:e3:ef:14
Signer

UPX0
Size: 512B - Virtual size: 832KB

UPX1
Size: 422KB - Virtual size: 424KB

.rsrc
Size: 3KB - Virtual size: 4KB