fbb885743c03c271f64f2bb0a2febc3f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbb885743c03c271f64f2bb0a2febc3f_JaffaCakes118
Size

190KB
MD5

fbb885743c03c271f64f2bb0a2febc3f
SHA1

02f53b0901c5caeea6d18c9ed40375137742c1ab
SHA256

b72e44b294833c3c5064d0dab33864f3770f4f237d2bf1f9b78c9ad03ce39b81
SHA512

ad894ff44c52b1fe76fb109b9fa39eb0723be9d998a5c33babb4e12f3eda7cba80663bef03254367b5c837fa3994f17ad271fcd40a0a072dfcb96f630caa0c50
SSDEEP

3072:asDGZOFJmPMO+GH9X1EvRm+lUaNhIJxtqklovYy1mVXG1r5:aOc7Hl1gNyBqx2GV5

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fbb885743c03c271f64f2bb0a2febc3f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f3e2953d4b4437575507d5f4f8cd6c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/03/2007, 00:00

Not After

19/03/2010, 23:59

Subject

CN=IKARUS Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IKARUS Software GmbH,ST=Vienna,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:18:6e:80:f1:7c:7f:c4:84:e3:72:be:f8:a6:b3:fe:f4:1b:fa:f9
Signer

Actual PE Digest

56:18:6e:80:f1:7c:7f:c4:84:e3:72:be:f8:a6:b3:fe:f4:1b:fa:f9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_unlock
__dllonexit
_lock
_onexit
bsearch
_vsnwprintf
_amsg_exit
_initterm
free
malloc
_vsnprintf
wcsncmp
_XcptFilter
_wcsicmp
_wcsnicmp
wcschr
memcpy
memset

ntdll

RtlUnwind

gdi32

GetDeviceCaps
CreatePen
CreateDCA

kernel32

ExpandEnvironmentStringsA
LoadResource
FindResourceExW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
Sleep
SystemTimeToFileTime
GetSystemTime
lstrlenW
MultiByteToWideChar
FormatMessageW
LocalFree
LocalAlloc
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
FreeLibrary
LocalReAlloc
GetUserDefaultLCID
CopyFileW
GlobalUnlock
GlobalLock
FileTimeToSystemTime
GetLocaleInfoW
GetTickCount
FormatMessageA
GetACP
LocalFileTimeToFileTime
CompareStringA
SetLastError
GetLastError
CloseHandle
CreateFileW
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
GetSystemTimeAsFileTime
ActivateActCtx
GetDateFormatW
GetWindowsDirectoryW
GetVersionExW
lstrcmpA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
InterlockedExchange
GetTimeFormatW
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
RaiseException
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcmpW
VirtualAlloc

user32

IsWindow
LoadStringW
LoadStringA
SendMessageW
PostMessageW
FindWindowW
GetWindowTextW
MessageBoxW
GetClientRect
GetSysColor
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetSubMenu
RemoveMenu
DispatchMessageW
GetPropW
SetPropW
RemovePropW
GetForegroundWindow
CheckDlgButton
GetParent
CheckRadioButton
EnableMenuItem
SetMenuDefaultItem
LoadIconW
GetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
SetDlgItemInt
GetSystemMetrics
DestroyIcon
LoadImageW
LoadCursorW
SetCursor
LoadMenuW
DestroyMenu
RegisterClipboardFormatW
RegisterClassW
DefWindowProcW
EndDialog
SetWindowLongW
SetDlgItemTextW
ShowWindow
MessageBeep
GetDesktopWindow
SetDlgItemTextA
DialogBoxParamW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
EnableWindow
CreateWindowExW
MessageBoxIndirectW
GetWindowLongW
IsDlgButtonChecked
KillTimer
SetTimer
RegisterWindowMessageW
DestroyWindow

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shlwapi

StrSpnA
SHGetValueW
StrChrW
SHDeleteKeyW
StrCmpIW
StrCmpW
StrDupW
StrRChrW
PathFindFileNameW
PathCombineW
PathIsDirectoryW
StrCmpNIW
PathFindExtensionW
PathIsURLW
SHStrDupW
StrFormatByteSizeW
PathRemoveBlanksW
StrTrimW
UrlCompareW
SHEnumValueW
PathAppendW
PathStripPathW
UrlCombineW
StrCSpnA

msi

MsiEnableLogA
MsiExtractPatchXMLDataW
MsiConfigureFeatureW
MsiApplyMultiplePatchesW
MsiGetProductInfoFromScriptA
MsiFormatRecordW
MsiGetProductInfoA
MsiUseFeatureExW
MsiDeleteUserDataW
MsiAdvertiseScriptA
MsiEnumProductsExW
MsiRecordGetInteger
MsiQueryProductStateW
DllUnregisterServer
MsiEnumRelatedProductsA
MsiConfigureFeatureFromDescriptorW
MsiDeleteUserDataA
MsiMessageBoxW
MsiDecomposeDescriptorA
MsiEnumFeaturesW
MsiDatabaseApplyTransformW
MsiEnumComponentCostsW
MsiDatabaseMergeA
MsiGetFeatureInfoW
MsiEnumClientsA
MsiViewExecute
DllGetClassObject
MsiLocateComponentW
MsiQueryComponentStateA
MsiMessageBoxExW
MsiOpenPackageExA
MsiDatabaseExportA

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 1KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3e2953d4b4437575507d5f4f8cd6c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

56:18:6e:80:f1:7c:7f:c4:84:e3:72:be:f8:a6:b3:fe:f4:1b:fa:f9Signer

Headers

File Characteristics

Imports

msvcrt

ntdll

gdi32

kernel32

user32

advapi32

shlwapi

msi

Sections

.text Size: 17KB - Virtual size: 16KB

UPX0 Size: 1024B - Virtual size: 5KB

.rdata Size: 6KB - Virtual size: 5KB

UPX1 Size: 1KB - Virtual size: 40KB

UPX2 Size: 3KB - Virtual size: 32KB

.rdata Size: 143KB - Virtual size: 243KB

UPX3 Size: 3KB - Virtual size: 41KB

.rsrc Size: 1024B - Virtual size: 756B

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:18:6e:80:f1:7c:7f:c4:84:e3:72:be:f8:a6:b3:fe:f4:1b:fa:f9
Signer

.text
Size: 17KB - Virtual size: 16KB

UPX0
Size: 1024B - Virtual size: 5KB

.rdata
Size: 6KB - Virtual size: 5KB

UPX1
Size: 1KB - Virtual size: 40KB

UPX2
Size: 3KB - Virtual size: 32KB

.rdata
Size: 143KB - Virtual size: 243KB

UPX3
Size: 3KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 756B

.reloc
Size: 3KB - Virtual size: 4KB