fc79ea0ecf52b2a6e34830ad3ae9c6fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc79ea0ecf52b2a6e34830ad3ae9c6fe_JaffaCakes118
Size

549KB
MD5

fc79ea0ecf52b2a6e34830ad3ae9c6fe
SHA1

6a21cdb389663f7b2d4b92bab29b08697f20497e
SHA256

37078dee8b0ba19c913a832ac4add907e1b69f53ac49a0b30988968e20dba671
SHA512

3ba21c8b004d9349e9968e842dad0cd990bf2643a28030601c9df3609d52a15ee3e50d0f942a800ac16ec53287c1007a4f9a8e46ad3b6e2bfa442b407d87e0ce
SSDEEP

12288:K1isnrYjNW2xT6LoESoNtmBoEp2XCfJ7hVgFAFPOpJP3:jhW2w2tBGCf9hi2POL3

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

fc79ea0ecf52b2a6e34830ad3ae9c6fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

27:8e
Certificate

Issuer

CN=CCA India 2011,O=India PKI,C=IN

Not Before

11/03/2011, 06:48

Not After

11/03/2016, 06:48

Subject

CN=CCA India 2011,O=India PKI,C=IN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:96
Certificate

Issuer

CN=CCA India 2011,O=India PKI,C=IN

Not Before

06/04/2011, 11:20

Not After

11/03/2016, 06:30

Subject

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:b7:1a:8c
Certificate

Issuer

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Not Before

11/09/2013, 07:46

Not After

11/09/2015, 18:30

Subject

SERIALNUMBER=0c06cfb2d8ef3648a965d7740a70584b6b521b24e23e7b4fb3eae977c7f57214,CN=PRAMILA JAIN,OU=CID - 2660877,O=Personal,POSTALCODE=302018,ST=Rajasthan,C=IN

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:a7:f8:27:59:c5:d8:89:19:01:c6:2a:47:f1:ed:9a:f0:68:2c:1c
Signer

Actual PE Digest

0e:a7:f8:27:59:c5:d8:89:19:01:c6:2a:47:f1:ed:9a:f0:68:2c:1c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 504KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

27:8eCertificate

Key Usages

27:96Certificate

Key Usages

4d:b7:1a:8cCertificate

Key Usages

0e:a7:f8:27:59:c5:d8:89:19:01:c6:2a:47:f1:ed:9a:f0:68:2c:1cSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 852KB

UPX1 Size: 201KB - Virtual size: 204KB

.rsrc Size: 341KB - Virtual size: 344KB

Headers

File Characteristics

Sections

.text Size: 504KB - Virtual size: 502KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 32KB - Virtual size: 50KB

.idata Size: 20KB - Virtual size: 16KB

.rsrc Size: 344KB - Virtual size: 340KB

.reloc Size: 36KB - Virtual size: 32KB

27:8e
Certificate

27:96
Certificate

4d:b7:1a:8c
Certificate

0e:a7:f8:27:59:c5:d8:89:19:01:c6:2a:47:f1:ed:9a:f0:68:2c:1c
Signer

UPX0
Size: - Virtual size: 852KB

UPX1
Size: 201KB - Virtual size: 204KB

.rsrc
Size: 341KB - Virtual size: 344KB

.text
Size: 504KB - Virtual size: 502KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 32KB - Virtual size: 50KB

.idata
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 344KB - Virtual size: 340KB

.reloc
Size: 36KB - Virtual size: 32KB