f3feacff6b771c53e6093a8675095f10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3feacff6b771c53e6093a8675095f10_JaffaCakes118
Size

19.0MB
MD5

f3feacff6b771c53e6093a8675095f10
SHA1

52fec71deceed777af96acd665709ae21b496556
SHA256

3ef0bc9f86c594e919eff22c51345e7b5e0de1b1d6bdc62a34a28cda17a8d90c
SHA512

bb272f9b7f8f1d49d26af0209bb49094dcb326720eea0b623a5b758f5669dab4a7070b42335f0dd64ac6a026a6d53c023e1e4fa3546afdda2c459265139234c5
SSDEEP

393216:yTzUmZNvCNBZaf1WwYpChuKBYWFKinhpHg6Qh5bY7qJg2YpM:+zUeyg9Dz/2hG7+YpM

Score

1^/10

Malware Config

Signatures

Files

f3feacff6b771c53e6093a8675095f10_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4f03247e8e2133cbc29da43042c8041e

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

35:b8:31:ff:a7:8a:10:66:2e:20:88:7d:e9:7c:5a:e6:dc:78:dd:73
Signer

Actual PE Digest

35:b8:31:ff:a7:8a:10:66:2e:20:88:7d:e9:7c:5a:e6:dc:78:dd:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WLSuite.pdb

Imports

advapi32

TraceMessage
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation

kernel32

SetLastError
LocalFree
CloseHandle
GetCurrentThread
GlobalAlloc
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
WaitForSingleObject
CreateFileW
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetVersionExW
GetProcAddress
Sleep
RemoveDirectoryW
DeleteFileW
CreateEventW
SetEvent
GetCurrentProcessId
GetTempPathW
CreateDirectoryW
GetExitCodeProcess
LocalUnlock
LockResource
FormatMessageW
CreateMutexW
VerLanguageNameW
GetModuleHandleW
lstrlenW
GetCurrentProcess
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
LoadResource
RaiseException
FindResourceExW
FindResourceW
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetOEMCP
GetCPInfo
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SizeofResource
LocalLock
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

gdi32

CreateCompatibleDC
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
GetObjectW

user32

DispatchMessageA
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjects
IsRectEmpty
PeekMessageW
MessageBoxW
MapDialogRect
SetWindowContextHelpId
PostThreadMessageW
GetSystemMetrics
EndDialog
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
LoadIconW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
MoveWindow
CharNextW
GetSysColor
DefWindowProcW
GetKeyState
GetFocus
GetWindow
SystemParametersInfoW
MapWindowPoints
IsWindow
IsDialogMessageW
GetDlgItem
IsChild
SendDlgItemMessageW
GetNextDlgTabItem
EnableWindow
ShowWindow
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
PostMessageW
PostQuitMessage
GetWindowLongW
CreateWindowExW
RegisterClassExW
SendMessageW
LoadCursorW
GetClassInfoExW
GetDlgCtrlID
GetParent
SetWindowLongW
DestroyWindow
GetDesktopWindow
UnregisterClassA

shell32

ord680
CommandLineToArgvW
SHAppBarMessage
ShellExecuteExW

ole32

CoUninitialize
CoQueryProxyBlanket
CoInitializeEx
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CoCopyProxy

oleaut32

VarBstrCmp
VariantClear
VariantInit
SafeArrayLock
SafeArrayUnlock
SysFreeString
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringLen
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
DispCallFunc
SysAllocString
VariantChangeType

rpcrt4

UuidFromStringW
UuidCreate

shlwapi

PathAppendW
PathAddBackslashW
PathFindFileNameW
PathCombineW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData

crypt32

CertVerifyCertificateChainPolicy

userenv

UnloadUserProfile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f03247e8e2133cbc29da43042c8041e

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

35:b8:31:ff:a7:8a:10:66:2e:20:88:7d:e9:7c:5a:e6:dc:78:dd:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

rpcrt4

shlwapi

wintrust

crypt32

userenv

version

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 18.8MB - Virtual size: 18.8MB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

35:b8:31:ff:a7:8a:10:66:2e:20:88:7d:e9:7c:5a:e6:dc:78:dd:73
Signer

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 18.8MB - Virtual size: 18.8MB