fa7b75f08e3209665abd60f47afc8c2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa7b75f08e3209665abd60f47afc8c2a_JaffaCakes118
Size

1.6MB
MD5

fa7b75f08e3209665abd60f47afc8c2a
SHA1

bc37d7bf96cdf5bc902751dd5f5b39f46b927f42
SHA256

dad271b536810b7ab61994c22cdf83ece037a6cfa45d5a4146d5e244e00c21d0
SHA512

de2d4130b58dba52f01a2c37b532913ced2a772506c9698f7431ea0461cb92e55ee95391f2fa2d32dae51beb21ead61778d3cb273b2369fd1e1399e12ca5f3af
SSDEEP

49152:DradswQkw4eob/v5d1W97I6VIn4UogDr0bQ7xzNk1RiS:v0jBLvvg9PdUo+0b4Bk1YS

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/超级看V1.7.9.4精简版/VSTLive.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

fa7b75f08e3209665abd60f47afc8c2a_JaffaCakes118
.rar
下载说明.htm
.html
使用帮助(河东软件园).url
.url
使用说明.txt
超级看V1.7.9.4精简版/VSTLive.exe
.exe windows:4 windows x86 arch:x86

Code Sign

28:14:a5:c6:e1:b5:6f:52:55:50:67:37:6e:77:bb:01
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

25/01/2016, 05:12

Not After

25/02/2018, 05:12

Subject

CN=龚嵩,L=张家界市,ST=湖南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

16:a8:b9:bc:4e:da:7c:8d:6e:bd:21:67:ad:54:c7:03
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

25/01/2016, 05:07

Not After

25/02/2018, 05:07

Subject

CN=龚嵩,L=张家界市,ST=湖南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2d
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 2 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

19:21:f4:43:a8:a4:37:e9:90:f2:cf:07:43:0f:d3:17:af:28:72:e1:4f:dc:11:ed:69:b2:14:e5:8c:7c:91:3e
Signer

Actual PE Digest

19:21:f4:43:a8:a4:37:e9:90:f2:cf:07:43:0f:d3:17:af:28:72:e1:4f:dc:11:ed:69:b2:14:e5:8c:7c:91:3e

Digest Algorithm

sha256

PE Digest Matches

true

2a:61:e1:ac:1c:1e:98:52:0b:20:f8:d2:56:22:71:81:a2:7a:f4:42
Signer

Actual PE Digest

2a:61:e1:ac:1c:1e:98:52:0b:20:f8:d2:56:22:71:81:a2:7a:f4:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 932KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
超级看V1.7.9.4精简版/使用说明和问题解决方案.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

28:14:a5:c6:e1:b5:6f:52:55:50:67:37:6e:77:bb:01Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

16:a8:b9:bc:4e:da:7c:8d:6e:bd:21:67:ad:54:c7:03Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2dCertificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

01Certificate

Key Usages

19:21:f4:43:a8:a4:37:e9:90:f2:cf:07:43:0f:d3:17:af:28:72:e1:4f:dc:11:ed:69:b2:14:e5:8c:7c:91:3eSigner

2a:61:e1:ac:1c:1e:98:52:0b:20:f8:d2:56:22:71:81:a2:7a:f4:42Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 932KB - Virtual size: 929KB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 96KB - Virtual size: 372KB

.rsrc Size: 12KB - Virtual size: 12KB

28:14:a5:c6:e1:b5:6f:52:55:50:67:37:6e:77:bb:01
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

16:a8:b9:bc:4e:da:7c:8d:6e:bd:21:67:ad:54:c7:03
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

4e:9a:d8:05:bb:29:ad:45:5a:98:8c:2a:55:d9:42:2d
Certificate

19:c2:85:30:e9:3b:36
Certificate

01
Certificate

19:21:f4:43:a8:a4:37:e9:90:f2:cf:07:43:0f:d3:17:af:28:72:e1:4f:dc:11:ed:69:b2:14:e5:8c:7c:91:3e
Signer

2a:61:e1:ac:1c:1e:98:52:0b:20:f8:d2:56:22:71:81:a2:7a:f4:42
Signer

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 932KB - Virtual size: 929KB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 96KB - Virtual size: 372KB

.rsrc
Size: 12KB - Virtual size: 12KB