fe5e9fd459eca69963d33cf58bd7e539_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe5e9fd459eca69963d33cf58bd7e539_JaffaCakes118
Size

789KB
MD5

fe5e9fd459eca69963d33cf58bd7e539
SHA1

82f7adbb23bd4061dd82c2277af2ebdc773d2bb9
SHA256

6eb059da694e908fca6ca31a5bdf29ebb95ada210e666dfa171f9db4b2205b93
SHA512

cfa369e6d9a9585f11b9b4ada795f2e185c578bd8c07a3e03ef555c5c3bbb5895ff830115ebd9c1f24513011fe2aa56bea93b199c4bee2af5f399673a3bf95a8
SSDEEP

12288:LKmPsNe5DuJIU9NqvDhwZ6nw8u4y9fL0brZpZ40M2TNRCVwrMutT1FEg:LKMaXmvs6nw87Qf6rZpSPwC2MI/Eg

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
sample	agile_net

Files

fe5e9fd459eca69963d33cf58bd7e539_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:e5:a3:07:97:ef:eb:90:99:4a:2c:99:e9:db:46:68
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/08/2020, 18:36

Not After

04/08/2023, 18:36

Subject

SERIALNUMBER=6703101,CN=Signal Messenger\, LLC,O=Signal Messenger\, LLC,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:0c:d6:e1:3e:e5:1e:5c:cc:4b:3a:62:a2:b7:25:11:46:d3:ab:fe:fb:f4:7c:74:24:cb:5a:86:4c:92:7c:df
Signer

Actual PE Digest

ef:0c:d6:e1:3e:e5:1e:5c:cc:4b:3a:62:a2:b7:25:11:46:d3:ab:fe:fb:f4:7c:74:24:cb:5a:86:4c:92:7c:df

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\0gFQn07yeO85weM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

20:e5:a3:07:97:ef:eb:90:99:4a:2c:99:e9:db:46:68Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ef:0c:d6:e1:3e:e5:1e:5c:cc:4b:3a:62:a2:b7:25:11:46:d3:ab:fe:fb:f4:7c:74:24:cb:5a:86:4c:92:7c:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 679KB - Virtual size: 678KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 512B - Virtual size: 12B

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

20:e5:a3:07:97:ef:eb:90:99:4a:2c:99:e9:db:46:68
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ef:0c:d6:e1:3e:e5:1e:5c:cc:4b:3a:62:a2:b7:25:11:46:d3:ab:fe:fb:f4:7c:74:24:cb:5a:86:4c:92:7c:df
Signer

.text
Size: 679KB - Virtual size: 678KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 512B - Virtual size: 12B