2915fd9377b2d610736f4230d71df598_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2915fd9377b2d610736f4230d71df598_JaffaCakes118
Size

2.3MB
MD5

2915fd9377b2d610736f4230d71df598
SHA1

f06dca2251e9127ed8a7c4d57bf33d8b3c76b3d0
SHA256

1d947b8366c6c24d31591986bc7953e4abc4492c97d45dbc0d89b8a81e4fdffc
SHA512

7b16a558b0cc3d66f4ff717c6654b92c46dc867359877166f236b719f0cc8459913300b5c2ed60627b75973ad3d3f12a8d206ab177828df5a8d08216ac3c417c
SSDEEP

49152:WZ9ZGfiKSLh9ZexjSVSy11XOLQBqdWRblUNTd9Oem0Kab6JI7:W2ih19Zexja11XOMIYOdzOanKW

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/SealMaker/ImageLib.dll	aspack_v212_v242
static1/unpack001/SealMaker/PKICoreDll.dll	aspack_v212_v242
static1/unpack001/SealMaker/templates/ExtSealTemps.stp	aspack_v212_v242

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SealMaker/ImageLib.dll	upx
static1/unpack001/SealMaker/PKICoreDll.dll	upx
static1/unpack001/SealMaker/templates/ExtSealTemps.stp	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SealMaker/SealMaker.exe
unpack001/SealMaker/templates/ExtSealTemps.stp

Files

2915fd9377b2d610736f4230d71df598_JaffaCakes118
.zip
SealMaker/ImageLib.dll
.dll windows:5 windows x86 arch:x86

Code Sign

b8:19:1e:63:ee:9e:75:0b
Certificate

Issuer

CN=上海挑战软件技术有限公司,OU=上海挑战软件技术有限公司,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Not Before

22/05/2008, 07:13

Not After

12/12/2015, 04:12

Subject

CN=挑战软件代码签名证书,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Extended Key Usages

ExtKeyUsageCodeSigning

01:00
Certificate

Issuer

CN=上海挑战软件CA认证中心,OU=上海挑战软件CA认证中心,O=上海挑战软件CA认证中心,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Not Before

12/12/2005, 04:12

Not After

12/12/2015, 04:12

Subject

CN=上海挑战软件技术有限公司,OU=上海挑战软件技术有限公司,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

74:17:7b:04:ac:38:00:0b:59:73:92:eb:30:07:10:7f:42:d3:72:7c
Signer

Actual PE Digest

74:17:7b:04:ac:38:00:0b:59:73:92:eb:30:07:10:7f:42:d3:72:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ImageCommand
Rotate
Transform

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 994KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SealMaker/PKICoreDll.dll
.dll windows:5 windows x86 arch:x86

Code Sign

b8:19:1e:63:ee:9e:75:0b
Certificate

Issuer

CN=上海挑战软件技术有限公司,OU=上海挑战软件技术有限公司,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Not Before

22/05/2008, 07:13

Not After

12/12/2015, 04:12

Subject

CN=挑战软件代码签名证书,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Extended Key Usages

ExtKeyUsageCodeSigning

01:00
Certificate

Issuer

CN=上海挑战软件CA认证中心,OU=上海挑战软件CA认证中心,O=上海挑战软件CA认证中心,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

Not Before

12/12/2005, 04:12

Not After

12/12/2015, 04:12

Subject

CN=上海挑战软件技术有限公司,OU=上海挑战软件技术有限公司,O=上海挑战软件技术有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c166368616c6c736f6674406368616c6c736f66742e636e

67:f9:41:77:08:31:83:60:2a:f0:66:c3:58:31:27:15:a5:2f:ef:59
Signer

Actual PE Digest

67:f9:41:77:08:31:83:60:2a:f0:66:c3:58:31:27:15:a5:2f:ef:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 283KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SealMaker/SealMaker.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.nesoy0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nesoy1
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nesoy2
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nesoy3
Size: 854KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nesoy4
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SealMaker/readme.txt
SealMaker/templates/ExtSealTemps.stp
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

b8:19:1e:63:ee:9e:75:0bCertificate

Extended Key Usages

01:00Certificate

74:17:7b:04:ac:38:00:0b:59:73:92:eb:30:07:10:7f:42:d3:72:7cSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 994KB - Virtual size: 1000KB

.rsrc Size: 4KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Code Sign

b8:19:1e:63:ee:9e:75:0bCertificate

Extended Key Usages

01:00Certificate

67:f9:41:77:08:31:83:60:2a:f0:66:c3:58:31:27:15:a5:2f:ef:59Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 468KB

UPX1 Size: 283KB - Virtual size: 288KB

.rsrc Size: 2KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.nesoy0 Size: - Virtual size: 2.8MB

.nesoy1 Size: 46KB - Virtual size: 48KB

.nesoy2 Size: - Virtual size: 36KB

.nesoy3 Size: 854KB - Virtual size: 856KB

.nesoy4 Size: - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 80KB

UPX1 Size: 198KB - Virtual size: 204KB

.rsrc Size: 4KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

b8:19:1e:63:ee:9e:75:0b
Certificate

01:00
Certificate

74:17:7b:04:ac:38:00:0b:59:73:92:eb:30:07:10:7f:42:d3:72:7c
Signer

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 994KB - Virtual size: 1000KB

.rsrc
Size: 4KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

b8:19:1e:63:ee:9e:75:0b
Certificate

01:00
Certificate

67:f9:41:77:08:31:83:60:2a:f0:66:c3:58:31:27:15:a5:2f:ef:59
Signer

UPX0
Size: - Virtual size: 468KB

UPX1
Size: 283KB - Virtual size: 288KB

.rsrc
Size: 2KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.nesoy0
Size: - Virtual size: 2.8MB

.nesoy1
Size: 46KB - Virtual size: 48KB

.nesoy2
Size: - Virtual size: 36KB

.nesoy3
Size: 854KB - Virtual size: 856KB

.nesoy4
Size: - Virtual size: 1KB

UPX0
Size: - Virtual size: 80KB

UPX1
Size: 198KB - Virtual size: 204KB

.rsrc
Size: 4KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB