fe43a7365ca6b69728095fb3987fb656_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe43a7365ca6b69728095fb3987fb656_JaffaCakes118
Size

114KB
MD5

fe43a7365ca6b69728095fb3987fb656
SHA1

45439005945e2454626a31571642625e412b9c07
SHA256

e5ac58f049ef6b3111ca3937cbe21f2a1780d6e06c09bd7af9a195c3461d3ff6
SHA512

bdb20890480eea70a30e5e10aaee457cdb481766793fe77b438833120f5e0d97559ea50960f609f924b8a95542fd16796a4b9d3e414478f15d5469f76e6d69e4
SSDEEP

1536:T+HRFxP36CCHIoS7zWX6S8pEgBOKhXmOgrrPbC3afqGMLFTQ/yBO3f7Wp8EzmuxO:SHdKS5zLgzTvPbzfDMNQ/yBOzy8LuxRY

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fe43a7365ca6b69728095fb3987fb656_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

15:5a:f1:a4:d9:a7:1d:52:14:a2:7e:f6:9c:0f:9a:6a
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

17/11/2000, 00:00

Not After

17/11/2001, 23:59

Subject

CN=Symantec Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/CPS Incorp. by Ref.\,LIAB.LTD(c)96+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=VeriSign\, Inc.,L=Internet+L=Santa Monica,ST=California,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

4c:b8:73:31:9c:fe:a2:35:7d:c9:47:28:c4:85:60:c0:d8:ca:b7:c2
Signer

Actual PE Digest

4c:b8:73:31:9c:fe:a2:35:7d:c9:47:28:c4:85:60:c0:d8:ca:b7:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

15:5a:f1:a4:d9:a7:1d:52:14:a2:7e:f6:9c:0f:9a:6aCertificate

Key Usages

4c:b8:73:31:9c:fe:a2:35:7d:c9:47:28:c4:85:60:c0:d8:ca:b7:c2Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 324KB

UPX1 Size: 104KB - Virtual size: 108KB

.rsrc Size: 4KB - Virtual size: 4KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

15:5a:f1:a4:d9:a7:1d:52:14:a2:7e:f6:9c:0f:9a:6a
Certificate

4c:b8:73:31:9c:fe:a2:35:7d:c9:47:28:c4:85:60:c0:d8:ca:b7:c2
Signer

UPX0
Size: - Virtual size: 324KB

UPX1
Size: 104KB - Virtual size: 108KB

.rsrc
Size: 4KB - Virtual size: 4KB