fe7c5a904a282ec7796953301e642bb1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe7c5a904a282ec7796953301e642bb1_JaffaCakes118
Size

82KB
MD5

fe7c5a904a282ec7796953301e642bb1
SHA1

1d2a66216c1ac71f6d7920eab0a8e21bd3476fa5
SHA256

031cfcbca39b9e8b8f1e571f9e182d8aa6d6c7f823c93f8792af4d022992c600
SHA512

8562b98bbd8ffcd349b404fb71a3c16def7f1d33131fe64894fe6104ca3a7f04dd5ea3544e60ecfe7e962bea20d1001a1183d9f8a74cc9247e8e6c9fce76f725
SSDEEP

1536:sjHdC5ELgI57ivdaB7LYoLhN/yGPEXFmZY8eX/wvzqr:sjHdC2Ji24Wv/yxXFmFBzu

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

fe7c5a904a282ec7796953301e642bb1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

02
Certificate

Issuer

CN=Microsoft Corp,OU=Authority,O=Microsoft,L=Richmond,ST=VA,C=US,1.2.840.113549.1.9.1=#0c1862696c6c2e6761746573406d6963726f736f66742e636f6d

Not Before

05/03/2008, 16:49

Not After

03/03/2018, 16:49

Subject

CN=Adobe Systems Incorporated,OU=CodeSigning,O=Microsoft,ST=VA,C=US,1.2.840.113549.1.9.1=#0c1862696c6c2e6761746573406d6963726f736f66742e636f6d

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

02Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 120KB

UPX1 Size: 73KB - Virtual size: 76KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 11KB

02
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

UPX0
Size: - Virtual size: 120KB

UPX1
Size: 73KB - Virtual size: 76KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 11KB