ebb14ef9cc7aa66a46efc340c04a2346_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebb14ef9cc7aa66a46efc340c04a2346_JaffaCakes118
Size

79KB
MD5

ebb14ef9cc7aa66a46efc340c04a2346
SHA1

fa31642374aeb6d25dda765975398f525e3edfe7
SHA256

435f2f3d119ba5da2af29f320283bb2413e1f395c5bd0a4e2d3a5b52fad6e5c7
SHA512

424e7a375d0354f9944806702960dc99ebcd9856f2a74e17b04bc1756266fc1f02aac2392d25c2facd0783b9deec4287a02e8bc711d65d85dc58987bea4aa9bf
SSDEEP

1536:HzP5foBvUPfGbXm7gqVOgAytcqgOYH9AAvagVl1XWwUo+rrB:TPpoaQIgigRtA8agVl1XVUrJ

Score

1^/10

Malware Config

Signatures

Files

ebb14ef9cc7aa66a46efc340c04a2346_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8670da1092740346747b4175fc0d3510

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:fc:ed:e4:e5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2010, 04:47

Not After

05/01/2011, 04:47

Subject

CN=Beijing BoDong Wanjie Network Technology Co.Ltd,O=Beijing BoDong Wanjie Network Technology Co.Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:49:b4:86:d3:48:3e:77:39:9d:e7:11:78:1d:f3:04:32:69:49:21
Signer

Actual PE Digest

45:49:b4:86:d3:48:3e:77:39:9d:e7:11:78:1d:f3:04:32:69:49:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetPrivateProfileSectionA
GetModuleHandleA
GetSystemTimeAsFileTime
FlushFileBuffers
SetStdHandle
GetLastError
Sleep
GetModuleFileNameA
GetProcessHeap
GetLogicalDrives
GetShortPathNameA
CreateProcessA
CreateDirectoryA
GetDiskFreeSpaceExA
OpenFileMappingA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetVersionExA
CreateToolhelp32Snapshot
CloseHandle
Process32First
Process32Next
OpenProcess
WideCharToMultiByte
RaiseException
RtlUnwind
HeapFree
GetCommandLineA
HeapAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
ExitProcess
TerminateProcess
GetCurrentProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetACP
GetOEMCP
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
SetFilePointer

advapi32

ControlService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeleteService
StartServiceA
QueryServiceStatus
CreateServiceA
ChangeServiceConfig2A
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeregisterEventSource
RegCreateKeyA
GetUserNameA
CreateProcessAsUserA
RegNotifyChangeKeyValue
OpenProcessToken

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8670da1092740346747b4175fc0d3510

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:fc:ed:e4:e5Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

45:49:b4:86:d3:48:3e:77:39:9d:e7:11:78:1d:f3:04:32:69:49:21Signer

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 880B

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:fc:ed:e4:e5
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

45:49:b4:86:d3:48:3e:77:39:9d:e7:11:78:1d:f3:04:32:69:49:21
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 880B