0725e9c717335d5a50fc9cc3c34c57e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0725e9c717335d5a50fc9cc3c34c57e0_JaffaCakes118
Size

398KB
MD5

0725e9c717335d5a50fc9cc3c34c57e0
SHA1

440b11e0a302410a81c83feb9b431f82e326ec06
SHA256

3d9de2fefc0b8ff812cdcc64ee5ed9dd96ff70046e55db0f3a8a65964cfb65e9
SHA512

9178439b692915f99e189c85a0992fbfccf1ac9a8684c742d26972987a0c2ea181cf7331b11f95bb9fb8a3cc103376df015645ada2ca1a71ca7a14d89a7c29b0
SSDEEP

12288:0eGusCKrFom1Wa855KclxMSfql6J+Gcme683thtQ0:0IjKrFoIWd5KaONUJQm0tnQ0

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

0725e9c717335d5a50fc9cc3c34c57e0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:8b:7f:c4:83:fb:51
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

13/11/2011, 15:41

Not After

15/11/2013, 12:44

Subject

CN=浙江坚果网络有限公司,O=浙江坚果网络有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1461646d696e40636172646573616c65732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

8d:8b:60:f8:1a:63:14:bc:ca:ea:8c:37:9b:d1:63:79:a6:4b:6a:1e
Signer

Actual PE Digest

8d:8b:60:f8:1a:63:14:bc:ca:ea:8c:37:9b:d1:63:79:a6:4b:6a:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 720KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 375KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

19:9d:f8:8eCertificate

Key Usages

14:8b:7f:c4:83:fb:51Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

8d:8b:60:f8:1a:63:14:bc:ca:ea:8c:37:9b:d1:63:79:a6:4b:6a:1eSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 720KB

UPX1 Size: 375KB - Virtual size: 376KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 905KB - Virtual size: 904KB

DATA Size: 24KB - Virtual size: 23KB

BSS Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 167B

.reloc Size: 52KB - Virtual size: 52KB

.rsrc Size: 43KB - Virtual size: 43KB

19:9d:f8:8e
Certificate

14:8b:7f:c4:83:fb:51
Certificate

3d
Certificate

01
Certificate

8d:8b:60:f8:1a:63:14:bc:ca:ea:8c:37:9b:d1:63:79:a6:4b:6a:1e
Signer

UPX0
Size: - Virtual size: 720KB

UPX1
Size: 375KB - Virtual size: 376KB

.rsrc
Size: 15KB - Virtual size: 16KB

CODE
Size: 905KB - Virtual size: 904KB

DATA
Size: 24KB - Virtual size: 23KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 167B

.reloc
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 43KB - Virtual size: 43KB