d9c6a3433f8f29cbeeb8d42923393a0a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d9c6a3433f8f29cbeeb8d42923393a0a_JaffaCakes118
Size

949KB
MD5

d9c6a3433f8f29cbeeb8d42923393a0a
SHA1

d7fe066a2395b3bcbee94e91121fc48969f624a9
SHA256

56d8f8e7ed824681ed807969b1afd5207d6e8e9a317c1069e53cd3ac53c64d38
SHA512

9b2a18bcd78786098707f9f6607d9667370593f6d19ccd2524cbf60ebea0caa00f61c6259d7ac464f1f2f662093d036eac40a3031ef4777bd667caea578ee211
SSDEEP

24576:lqas478P6X4fHY9Y7zqb66o0IInZ14q8/lL2Pl/MPWMZi9VvJ3KzX:lI478P7HY9uub6tUEF46WMZiNazX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/utorrent.exe	upx

Files

d9c6a3433f8f29cbeeb8d42923393a0a_JaffaCakes118
.zip
resume.dat
rss.dat
settings.dat
utorrent.exe
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/06/2010, 00:00

Not After

26/07/2013, 23:59

Subject

CN=BitTorrent Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:f2:dd:4c:d0:45:c7:77:be:bc:c7:db:fa:f6:36:fe:de:4b:7b:d9
Signer

Actual PE Digest

69:f2:dd:4c:d0:45:c7:77:be:bc:c7:db:fa:f6:36:fe:de:4b:7b:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
utorrent.lng
.zip
Albanian!sq.txt
Arabic!ar.txt
Armenian!hy.txt
Azerbaijani!az.txt
Basque!eu.txt
Belarusian!be.txt
Bosnian!bs.txt
Bulgarian!bg.txt
Catalan!ca.txt
Chinese (Simplified)!zhCN.txt
Chinese (Traditional)!zhTW.txt
Croatian!hr.txt
Czech!cs.txt
Danish!da.txt
Dutch!nl.txt
Estonian!et.txt
Finnish!fi.txt
French!fr.txt
Gaeilge!ga.txt
Georgian!ka.txt
German!de.txt
Greek!el.txt
Hebrew!he.txt
Hungarian!hu.txt
Icelandic!is.txt
Italian!it.txt
.vbs
Japanese!ja.txt
Kazakh!kk.txt
Korean!ko.txt
Kurdish!ku.txt
Latvian!lv.txt
Lithuanian!lt.txt
Norwegian Nynorsk!nn.txt
Norwegian!no.txt
Persian!fa.txt
Polish!pl.txt
Portuguese (Brazil)!ptBR.txt
Portuguese (Portugal)!pt.txt
Romanian!ro.txt
Russian!ru.txt
Slovak!sk.txt
Slovenian!sl.txt
Spanish!es.txt
Swedish!sv.txt
Taiwan!tw.txt
Thai!th.txt
Turkish!tr.txt
Ukrainian!uk.txt
Vietnamese!vi.txt
Welsh!cy.txt
.vbs
english.txt
version

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:f2:dd:4c:d0:45:c7:77:be:bc:c7:db:fa:f6:36:fe:de:4b:7b:d9Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 516KB

UPX1 Size: 300KB - Virtual size: 304KB

.rsrc Size: 14KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:f2:dd:4c:d0:45:c7:77:be:bc:c7:db:fa:f6:36:fe:de:4b:7b:d9
Signer

UPX0
Size: - Virtual size: 516KB

UPX1
Size: 300KB - Virtual size: 304KB

.rsrc
Size: 14KB - Virtual size: 16KB