024400cbf0ac2a97e93853ab742d4791_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

024400cbf0ac2a97e93853ab742d4791_JaffaCakes118
Size

5.6MB
MD5

024400cbf0ac2a97e93853ab742d4791
SHA1

660f77ebf38170f1f6eb19dc5b7825c8eac73924
SHA256

7d15651c9cd4387b6f1e358aede84d751e37b71d8b3bb94503226973920a4499
SHA512

c052b5abebf0135ee4a9ca503cf855c63c9ce5459bba5c53bec62282a0eb9b1acdce58252b82a558c3e875fe953da33fe68249b9aea74dad047dfeb64c5df9e9
SSDEEP

98304:uwbMS1ZrnB0vrbzzzzzkzzzzzlMtlIlbslzEsuMnrcX+M7SO3X8asQmzH2M1dfUA:uwAS1ZjB2bzzzzzkzzzzzeubslVu3HSx

Score

1^/10

Malware Config

Signatures

Files

024400cbf0ac2a97e93853ab742d4791_JaffaCakes118
.exe windows:5 windows x86 arch:x86

24b512dfc9e26c89b5bd5c90511b1e34

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/06/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:8f:c6:4e:f1:cd:a2:c4:3c:44:4c:c2:13:b2:d5:fe:e0:59:1f:27:39:7c:4f:d4:26:4a:74:0f:24:e4:06:4a
Signer

Actual PE Digest

76:8f:c6:4e:f1:cd:a2:c4:3c:44:4c:c2:13:b2:d5:fe:e0:59:1f:27:39:7c:4f:d4:26:4a:74:0f:24:e4:06:4a

Digest Algorithm

sha256

PE Digest Matches

true

62:a6:f4:db:6f:5c:db:fd:45:d6:a2:fa:18:f5:36:22:26:4f:8c:03
Signer

Actual PE Digest

62:a6:f4:db:6f:5c:db:fd:45:d6:a2:fa:18:f5:36:22:26:4f:8c:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\7zSfx_xor.pdb

Imports

user32

CharUpperW
PostMessageA
wsprintfA
CharUpperA
FindWindowA
SendMessageA
GetWindowInfo
IsChild
GetDesktopWindow
GetLastActivePopup
GetWindowThreadProcessId
GetForegroundWindow
IsWindow

oleaut32

SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
SysStringLen
VarBstrCat
VariantInit
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey

kernel32

QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapCreate
ExitProcess
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
GetTempPathA
CreateFileW
GetTempPathW
VirtualProtect
GetProcAddress
LoadLibraryA
lstrlenA
Sleep
GetFileAttributesA
GetSystemTime
GetTickCount
GetCurrentProcessId
RemoveDirectoryA
FindClose
GetLastError
FindNextFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
WriteFile
ReadFile
SetFilePointer
CloseHandle
GetFileSizeEx
GetPrivateProfileSectionA
GetFileSize
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SizeofResource
LoadResource
FindResourceA
lstrcpynA
OutputDebugStringA
GetCurrentThreadId
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileA
GetModuleFileNameA
GetLocalTime
FreeLibrary
GetDiskFreeSpaceA
lstrcpyA
GetModuleHandleA
GetVersionExA
lstrcatA
CreateDirectoryA
GetCommandLineA
SetEndOfFile
WritePrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
FindResourceExA
LockResource
SetUnhandledExceptionFilter
SuspendThread
RaiseException
ReleaseMutex
CreateMutexA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
SetFileTime
SetFileAttributesW
CreateDirectoryW
DeleteFileW
FindFirstFileW
FileTimeToSystemTime
GetSystemInfo
lstrcmpiA
SetEnvironmentVariableA
FileTimeToLocalFileTime
lstrcmpA
LocalFree
LocalAlloc
HeapFree
GetProcessHeap
HeapAlloc
TerminateThread
GetExitCodeThread
ReadProcessMemory
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileAttributesExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
DeviceIoControl
InterlockedDecrement
HeapDestroy
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedIncrement
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
OpenProcess
FlushFileBuffers

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoSetProxyBlanket

shlwapi

PathFileExistsA
PathRemoveExtensionA
PathFindFileNameW
PathAppendW
StrStrIA
PathFindFileNameA
PathRemoveExtensionW
StrStrIW
PathAppendA

wininet

HttpQueryInfoA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetAttemptConnect

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFreeCertificateContext

rpcrt4

UuidCreate

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24b512dfc9e26c89b5bd5c90511b1e34

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

76:8f:c6:4e:f1:cd:a2:c4:3c:44:4c:c2:13:b2:d5:fe:e0:59:1f:27:39:7c:4f:d4:26:4a:74:0f:24:e4:06:4aSigner

62:a6:f4:db:6f:5c:db:fd:45:d6:a2:fa:18:f5:36:22:26:4f:8c:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

oleaut32

advapi32

kernel32

ole32

shlwapi

wininet

version

crypt32

rpcrt4

setupapi

iphlpapi

Sections

.text Size: 463KB - Virtual size: 462KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 16KB - Virtual size: 1.0MB

.rsrc Size: 841KB - Virtual size: 840KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

76:8f:c6:4e:f1:cd:a2:c4:3c:44:4c:c2:13:b2:d5:fe:e0:59:1f:27:39:7c:4f:d4:26:4a:74:0f:24:e4:06:4a
Signer

62:a6:f4:db:6f:5c:db:fd:45:d6:a2:fa:18:f5:36:22:26:4f:8c:03
Signer

.text
Size: 463KB - Virtual size: 462KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 16KB - Virtual size: 1.0MB

.rsrc
Size: 841KB - Virtual size: 840KB