fea63776874318aa938e846eb4786408_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fea63776874318aa938e846eb4786408_JaffaCakes118
Size

136KB
MD5

fea63776874318aa938e846eb4786408
SHA1

064174415c75e221539ed6ad9a342bc8ca0c0c81
SHA256

22e76f25b9f10d05466da7d847549cae18c6065df6adfa672ea89ad2c1bf2dea
SHA512

328c65c255c18505e11bf8421ce77374950c2de072dec0ce20e685b73023df27c3f00de6ea0fad15b7ff9c03e34b5bade243ee52bc0ffd85df4aabc0493cbdf9
SSDEEP

3072:N0QgQbU99ahLXAtVcSTPswS0LXXbYRSvKxCXiRJMQ6o:OdQbU2hLE50HqX7Xivf

Score

1^/10

Malware Config

Signatures

Files

fea63776874318aa938e846eb4786408_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8ef106174d84bf3b62479905e596d5c

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2013, 00:00

Not After

14/09/2016, 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:40:37:92:4c:ed:3a:22:94:7b:32:62:e5:67:ce:e3:4a:c0:67:77
Signer

Actual PE Digest

77:40:37:92:4c:ed:3a:22:94:7b:32:62:e5:67:ce:e3:4a:c0:67:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LocalFree
GetModuleFileNameA
TlsSetValue
CreateThread
GetBinaryTypeA
GetVersionExA
TlsFree
TlsAlloc
CreateMutexA
TlsGetValue
lstrcpyA
OpenFileMappingA
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
OpenMutexA
GetLastError
lstrcmpA
GetCurrentThreadId
lstrcatA
CreateProcessA
CloseHandle
lstrlenW
CreateFileMappingA
WaitForSingleObject
LocalAlloc
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
IsBadWritePtr
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
InterlockedIncrement
GetCurrentProcessId
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
RtlUnwind
HeapFree
HeapAlloc
WideCharToMultiByte
GetCommandLineA
GetVersion
SetLastError
GetCurrentThread
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetLocaleInfoA
GetStdHandle
GetFileType
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
Sleep
GetCurrentProcess
SetHandleCount
IsBadReadPtr
UnhandledExceptionFilter
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
FreeLibrary

user32

GetDC
SendMessageTimeoutA
ReleaseDC
CopyIcon
GetWindowThreadProcessId
WaitForInputIdle
IsWindow
FindWindowExA
wsprintfA
DefWindowProcA
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
UnregisterClassA
DestroyWindow
GetClassNameA
EnumWindows

gdi32

GetObjectA
GetDIBits
CreateDIBitmap

advapi32

FreeSid
IsValidSid
IsValidSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsValidAcl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl

ole32

StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8ef106174d84bf3b62479905e596d5c

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

77:40:37:92:4c:ed:3a:22:94:7b:32:62:e5:67:ce:e3:4a:c0:67:77Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 241KB

DATA Size: 69KB - Virtual size: 68KB

.rsrc Size: 512B - Virtual size: 440B

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

77:40:37:92:4c:ed:3a:22:94:7b:32:62:e5:67:ce:e3:4a:c0:67:77
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 241KB

DATA
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 512B - Virtual size: 440B