37d1e20bef6a06793eb1221b5faa2cd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37d1e20bef6a06793eb1221b5faa2cd5_JaffaCakes118
Size

205KB
MD5

37d1e20bef6a06793eb1221b5faa2cd5
SHA1

d8df907dc592ad95a4a7697e42ec7065be432d59
SHA256

7b69bf8825a8df6b0740dd3706c6db578910f325652c0dbfb03495eab6fba6fd
SHA512

5a742761ae5fdd2847f87cd233121866738de4c8b48396f245a37fb4f976057e99fd9aa98ab6dd9f1abc9b01bed36b553d660ac4c343c6379aa39858ea16ca3c
SSDEEP

6144:EQSS83AasNET3kQferPznGB6aYyGVyvoeSRbyB:EQD8S63B4iBfGVyvoeGbyB

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

37d1e20bef6a06793eb1221b5faa2cd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:00:07:90:80:d4:ed:fd:1e:56:7d:7e:02:de:0b:95
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/01/2010, 00:00

Not After

19/01/2011, 23:59

Subject

CN=ITglobal,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ITglobal,L=Haeundae-gu\ ,ST=pusan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:09:3c:52:80:c7:f7:f7:a7:ea:0c:bc:57:77:55:3c:73:e5:21:cc
Signer

Actual PE Digest

cc:09:3c:52:80:c7:f7:f7:a7:ea:0c:bc:57:77:55:3c:73:e5:21:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:00:07:90:80:d4:ed:fd:1e:56:7d:7e:02:de:0b:95Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

cc:09:3c:52:80:c7:f7:f7:a7:ea:0c:bc:57:77:55:3c:73:e5:21:ccSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.9MB

UPX1 Size: 190KB - Virtual size: 192KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:00:07:90:80:d4:ed:fd:1e:56:7d:7e:02:de:0b:95
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

cc:09:3c:52:80:c7:f7:f7:a7:ea:0c:bc:57:77:55:3c:73:e5:21:cc
Signer

UPX0
Size: - Virtual size: 1.9MB

UPX1
Size: 190KB - Virtual size: 192KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB