f58bd71ad30a2b0d84fbcaf10177a29e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f58bd71ad30a2b0d84fbcaf10177a29e_JaffaCakes118
Size

1.3MB
MD5

f58bd71ad30a2b0d84fbcaf10177a29e
SHA1

27e93b6f4fcde578a05ee480f34d4e08df4b1b8c
SHA256

e88953926e40032eaa3d02e186365ac24c1d1f8d45a8af2bfb9a701ea659ced1
SHA512

bea294042b4f2e545a6c7dcf45a69faaf09c8f671c708b2a32496729717adb01b1dfda3348fae4f8718c2e04e618d2f9b0ecf07eb2f8ab797438ac46a53ae3b4
SSDEEP

24576:eqN/JWSVxH35DMw2n/qIjtAT3Gn4/izRXTOkMtrIceMaFPjkjD29qH:eCWSVh35DMnCIjtAynakOElMaFLkj

Score

1^/10

Malware Config

Signatures

Files

f58bd71ad30a2b0d84fbcaf10177a29e_JaffaCakes118
.exe windows:10 windows x64 arch:x64

34ab9ecd1566711ad1baa609e7db9a6b

Code Sign

33:00:00:02:31:32:34:cb:af:a8:ab:9a:4d:00:00:00:00:02:31
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:09:ee:4d:34:b2:34:0d:9c:f0:0e:d4:a1:04:ba:21:43:d2:9a:52:f9:fa:66:f4:a4:79:9d:68:dd:89:e0:84
Signer

Actual PE Digest

57:09:ee:4d:34:b2:34:0d:9c:f0:0e:d4:a1:04:ba:21:43:d2:9a:52:f9:fa:66:f4:a4:79:9d:68:dd:89:e0:84

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

culauncher.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsupr_s
memcpy
_o_exit
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstok_s
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
wcsstr
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcschr
memmove
__CxxFrameHandler3
memcmp

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
SizeofResource
FindResourceExW
GetModuleFileNameW
FreeLibrary
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
LockResource

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
InitializeSRWLock
ResetEvent
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
CreateMutexW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
HeapDestroy
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetStartupInfoW
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromString
CoInitializeEx
CoTaskMemRealloc
CoGetApartmentType
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoRegisterClassObject
CoTaskMemFree
CoWaitForMultipleHandles
CoUninitialize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
FindResourceW
LoadLibraryW
MoveFileW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW
LocalFileTimeToFileTime
WriteFile
CreateDirectoryW
GetTempFileNameW
GetFileAttributesW
DeleteFileW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine

crypt32

CryptStringToBinaryW
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

shlwapi

ord354

shell32

SHQueryUserNotificationState
CommandLineToArgvW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

ext-ms-win-session-wtsapi32-l1-1-0

WTSEnumerateSessionsW
WTSFreeMemory

netapi32

NetApiBufferFree

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryOption
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

ntdll

RtlConvertDeviceFamilyInfoToString

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

cryptsp

CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-util-l1-1-0

DecodePointer

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

UnregisterClassA

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

ext-ms-win-setupapi-classinstallers-l1-1-2

SetupIterateCabinetW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34ab9ecd1566711ad1baa609e7db9a6b

Code Sign

33:00:00:02:31:32:34:cb:af:a8:ab:9a:4d:00:00:00:00:02:31Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

57:09:ee:4d:34:b2:34:0d:9c:f0:0e:d4:a1:04:ba:21:43:d2:9a:52:f9:fa:66:f4:a4:79:9d:68:dd:89:e0:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-shutdown-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-path-l1-1-0

crypt32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

shlwapi

shell32

api-ms-win-core-winrt-error-l1-1-0

ext-ms-win-session-wtsapi32-l1-1-0

netapi32

winhttp

api-ms-win-core-version-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

ntdll

api-ms-win-core-processenvironment-l1-1-0

cryptsp

api-ms-win-core-file-l1-2-0

api-ms-win-core-util-l1-1-0

version

user32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

wintrust

ext-ms-win-setupapi-classinstallers-l1-1-2

wininet

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 137KB - Virtual size: 137KB

.reloc Size: 1024B - Virtual size: 696B

33:00:00:02:31:32:34:cb:af:a8:ab:9a:4d:00:00:00:00:02:31
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

57:09:ee:4d:34:b2:34:0d:9c:f0:0e:d4:a1:04:ba:21:43:d2:9a:52:f9:fa:66:f4:a4:79:9d:68:dd:89:e0:84
Signer

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 137KB - Virtual size: 137KB

.reloc
Size: 1024B - Virtual size: 696B