f20f813584ad727e6cb90ba2a21df7b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f20f813584ad727e6cb90ba2a21df7b5_JaffaCakes118
Size

3.0MB
MD5

f20f813584ad727e6cb90ba2a21df7b5
SHA1

5e02ab4970935d3f454814b7e9b48989575d702f
SHA256

45bb42d3d53746feb4652df36832e39c2319f6fef5d768b909e85beca17bb96f
SHA512

689d8d419a4770e0fa9e725af43c2a6f02f5a9c61a3f9d49b77d11cc161453669ce1d4d0cfe8d3c913e0891768bdcb02eb22e3bf1fb80113d8fdf0dcba6df2e4
SSDEEP

49152:sh3WYTdgxZJgMLgpnihtopBu9L4hynPT25LFGd3qm1KVnkJaQfUr8CWPqRKLH9J3:sJD4JH2ieA5JPTx1qen08oRKLH9JHth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crack/DriveCrypt.exe

Files

f20f813584ad727e6cb90ba2a21df7b5_JaffaCakes118
.rar
crack/DriveCrypt.exe
.exe windows:4 windows x86 arch:x86

3ede871f504dee75b485f08c01cf3ea1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

Size: 168KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup.exe
.exe windows:4 windows x86 arch:x86

f13a0a4c9f198f6c67969983bf216372

Code Sign

01:00:00:00:00:01:11:ea:7d:2e:62
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2007, 10:29

Not After

13/04/2010, 10:29

Subject

CN=SecurStar GmbH,O=SecurStar GmbH,C=DE,1.2.840.113549.1.9.1=#0c15636f6e74616374407365637572737461722e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:04:ff:59:2f:13:1e:52:7d:f3:67:b0:8a:15:25:11:19:95:78:99
Signer

Actual PE Digest

06:04:ff:59:2f:13:1e:52:7d:f3:67:b0:8a:15:25:11:19:95:78:99

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
HeapAlloc
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
ExitProcess
GetStartupInfoA
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
GetVersionExA
CreateThread
ExitThread
SetCurrentDirectoryA
Sleep
WriteFile
ReleaseMutex
FlushFileBuffers
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryA
GetVersion
CreateFileA
CloseHandle
CreateDirectoryA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
DeleteFileA
CreateMutexA
GetLastError
GetFileType
SetStdHandle

user32

SetWindowTextA
GetWindowRect
RedrawWindow
MessageBeep
DrawTextA
GetWindowTextA
GetDC
ReleaseDC
wsprintfA
ExitWindowsEx
SendMessageA
CreateDialogParamA
SetDlgItemTextA
SetFocus
GetParent
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
EndDialog
GetDlgItemTextA
GetDlgItem
EnableWindow
BeginPaint
GetClientRect
EndPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
PostMessageA
LoadBitmapA
CreateWindowExA
ShowWindow
GetSystemMetrics
SetWindowPos
UpdateWindow
PostQuitMessage
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
MessageBoxA
LoadAcceleratorsA
GetMessageA

gdi32

CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
GetStockObject
SetBkColor
GetDeviceCaps
CreateDCA

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHChangeNotify

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

3ede871f504dee75b485f08c01cf3ea1

Headers

File Characteristics

Imports

kernel32

user32

Sections

Size: 168KB - Virtual size: 348KB

Size: 16KB - Virtual size: 24KB

Size: 36KB - Virtual size: 940KB

Size: 80KB - Virtual size: 1.2MB

Size: 260KB - Virtual size: 260KB

Size: 4KB - Virtual size: 8KB

Size: 48KB - Virtual size: 72KB

Size: 4KB - Virtual size: 4KB

Size: 8KB - Virtual size: 28KB

f13a0a4c9f198f6c67969983bf216372

Code Sign

01:00:00:00:00:01:11:ea:7d:2e:62Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

06:04:ff:59:2f:13:1e:52:7d:f3:67:b0:8a:15:25:11:19:95:78:99Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 3.5MB - Virtual size: 3.5MB

.rsrc Size: 228KB - Virtual size: 225KB

01:00:00:00:00:01:11:ea:7d:2e:62
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

06:04:ff:59:2f:13:1e:52:7d:f3:67:b0:8a:15:25:11:19:95:78:99
Signer

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 228KB - Virtual size: 225KB