ff1ec9122d6aaf907b6a590bc254d181_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff1ec9122d6aaf907b6a590bc254d181_JaffaCakes118
Size

243KB
MD5

ff1ec9122d6aaf907b6a590bc254d181
SHA1

b84a162260e986e1819a085b0d18c4f2e6b39d36
SHA256

eefd5ee855d686b3b4dc5f2de13d11ca8970e95974ca55998b103d7bea9ea6c7
SHA512

60a7d1e8fd0f30a5a7b4d3594ffd12c3f17dde5b9ddce727428d8a0247ef48b820f738f9ff9a03ce4a31ff19b14034b8799b7b5e6c89149c25d2290a94dea004
SSDEEP

3072:HxUBZnf+/ZNy0CSc0jkXi9Vb8tNI3E5rwWAeWoPsX8fJA8wXpSejkdTOKYy+1Tj5:OBZniNTC1By9nY8WvWoPsLBjaXJ+dEa

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/VDRIVE/Virtual Drive Manager.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

ff1ec9122d6aaf907b6a590bc254d181_JaffaCakes118
.rar
HA-VDrive.1.3.1.Yonsm.PNG
.png
VDRIVE/Virtual Drive Manager.exe
.exe windows:4 windows x86 arch:x86

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

Issuer

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

Not Before

31-12-2006 16:00

Not After

31-12-2094 16:00

Subject

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:42:0a:bc:c4:b7:e9:34:ee:a3:d2:25:52:68:c7:af:70:30:3f:17
Signer

Actual PE Digest

38:42:0a:bc:c4:b7:e9:34:ee:a3:d2:25:52:68:c7:af:70:30:3f:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VDRIVE/readme.txt
VDRIVE/vdd-x64.sys
.sys windows:6 windows x64 arch:x64

d204322a94f67c141b8f0c62ff2e482e

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

Issuer

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

Not Before

31-12-2006 16:00

Not After

31-12-2094 16:00

Subject

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49
Signer

Actual PE Digest

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\server~1\mfcdev~1\virtua~1\132e6d~1.1\driver\objfre_wlh_amd64\amd64\virtual.pdb

Imports

ntoskrnl.exe

KeSetPriorityThread
PsRevertToSelf
RtlInitUnicodeString
ExInterlockedRemoveHeadList
IoDeleteDevice
ObfDereferenceObject
KeSetEvent
IoCreateDevice
swprintf
ZwQueryInformationFile
KeInitializeEvent
ZwWriteFile
ZwCreateDirectoryObject
SeTokenType
SeCreateClientSecurity
KeDelayExecutionThread
RtlFreeUnicodeString
ZwMakeTemporaryObject
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
SeImpersonateClient
ExAllocatePool
ExInterlockedInsertTailList
PsTerminateSystemThread
ExFreePoolWithTag
ZwClose
RtlAnsiStringToUnicodeString
IofCompleteRequest
ObReferenceObjectByHandle
ZwReadFile
KeWaitForSingleObject
KeBugCheckEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDRIVE/vdd-x86.sys
.sys windows:6 windows x86 arch:x86

092619e7eded6ad2f5eea1e49e3eaeff

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

Issuer

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

Not Before

31-12-2006 16:00

Not After

31-12-2094 16:00

Subject

CN=gzXW,OU=gzXW Workshop,O=gzXW Workshop

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:aa:33:d5:7a:7f:56:50:ce:e3:3d:43:c9:e6:e9:b1:4f:a5:f9:3f
Signer

Actual PE Digest

7a:aa:33:d5:7a:7f:56:50:ce:e3:3d:43:c9:e6:e9:b1:4f:a5:f9:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\server~1\mfcdev~1\virtua~1\132e6d~1.1\driver\objfre_wlh_x86\i386\virtual.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
ExFreePoolWithTag
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
KeGetCurrentThread
ExAllocatePool
ZwClose
ZwQueryInformationFile
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
memcpy
PsRevertToSelf
SeImpersonateClient
_aulldiv
memset
ExfInterlockedRemoveHeadList
ZwReadFile
KeDelayExecutionThread
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
KeSetPriorityThread
_allmul
_alldiv
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
IoCreateDevice
RtlInitUnicodeString
swprintf
ZwMakeTemporaryObject
ZwCreateDirectoryObject
KeTickCount
KeBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VDRIVE/新云软件.url
.url
新云软件.url
.url
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:42:0a:bc:c4:b7:e9:34:ee:a3:d2:25:52:68:c7:af:70:30:3f:17Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 340KB

UPX1 Size: 204KB - Virtual size: 204KB

.rsrc Size: 33KB - Virtual size: 36KB

Headers

File Characteristics

Sections

.text Size: 308KB - Virtual size: 307KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 116KB - Virtual size: 112KB

d204322a94f67c141b8f0c62ff2e482e

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 580B

.data Size: 512B - Virtual size: 280B

.pdata Size: 512B - Virtual size: 144B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 936B

092619e7eded6ad2f5eea1e49e3eaeff

Code Sign

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7a:aa:33:d5:7a:7f:56:50:ce:e3:3d:43:c9:e6:e9:b1:4f:a5:f9:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 308B

.data Size: 512B - Virtual size: 12B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 512B - Virtual size: 316B

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:42:0a:bc:c4:b7:e9:34:ee:a3:d2:25:52:68:c7:af:70:30:3f:17
Signer

UPX0
Size: - Virtual size: 340KB

UPX1
Size: 204KB - Virtual size: 204KB

.rsrc
Size: 33KB - Virtual size: 36KB

.text
Size: 308KB - Virtual size: 307KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 116KB - Virtual size: 112KB

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

06:d2:43:a8:62:33:9e:ef:c0:f1:9c:ff:4f:79:18:95:ea:3f:73:49
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 580B

.data
Size: 512B - Virtual size: 280B

.pdata
Size: 512B - Virtual size: 144B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 936B

68:b6:84:0a:69:0c:71:44:b9:2d:ab:9b:8d:cf:15:90
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7a:aa:33:d5:7a:7f:56:50:ce:e3:3d:43:c9:e6:e9:b1:4f:a5:f9:3f
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 308B

.data
Size: 512B - Virtual size: 12B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 316B