2aadca0eace2b3e96d0157364f6cfcfa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2aadca0eace2b3e96d0157364f6cfcfa_JaffaCakes118
Size

3.5MB
MD5

2aadca0eace2b3e96d0157364f6cfcfa
SHA1

32878c51d6b47dbba4db8d8e31e2245660340746
SHA256

1d0cb1c9f4f15c60be40efa5a9f0fe36787366b9c96c83c1048afe3a671b345c
SHA512

4931b28958d948bc8b0053aa4c99a2014c7f4092f3e8d9702c3a8bfdb4186909e3befb57252a1e12d799e33708c0f15d38e58d8a3a8b71c24015716900d48733
SSDEEP

49152:fPh2LRe+K3l5T+mgvaQTzudiHYRJ+SQV1lZZ3hXBSJlFZ5VEhuzMyAI8M:fAF8+NZp+HzfYM

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

2aadca0eace2b3e96d0157364f6cfcfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

28:0b:63:cf:38:93:4e
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/06/2013, 09:51

Not After

31/01/2014, 19:35

Subject

CN=One Installer LLC,O=One Installer LLC,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:ed:a3:af:21:19:a4:3e:4d:ce:ec:fd:74:25:73:cb:fb:9d:f3:cc
Signer

Actual PE Digest

8e:ed:a3:af:21:19:a4:3e:4d:ce:ec:fd:74:25:73:cb:fb:9d:f3:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

28:0b:63:cf:38:93:4eCertificate

Extended Key Usages

Key Usages

8e:ed:a3:af:21:19:a4:3e:4d:ce:ec:fd:74:25:73:cb:fb:9d:f3:ccSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 141KB - Virtual size: 144KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 36KB - Virtual size: 35KB

28:0b:63:cf:38:93:4e
Certificate

8e:ed:a3:af:21:19:a4:3e:4d:ce:ec:fd:74:25:73:cb:fb:9d:f3:cc
Signer

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 141KB - Virtual size: 144KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 36KB - Virtual size: 35KB