04ee50526f9ac6e2670d0746b0bdba27_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04ee50526f9ac6e2670d0746b0bdba27_JaffaCakes118
Size

28.6MB
MD5

04ee50526f9ac6e2670d0746b0bdba27
SHA1

524432df6eb09416e478254ccd0424159f92d9f6
SHA256

a983a18c31ddf69ceb5f514b228aaed4c65eae5532ba1b5df8e5988f9a97897b
SHA512

f0cd4d7cf276a05aa4565c455a142a4fa0de0489b58395e6fde65ade572d8f891442306174abc56afae6d3c96d5aa8cd5e92b30f340b2aa7353951cc5c25ca9b
SSDEEP

393216:41bNtQ5tcz1LG5/TjNVkC7Xl6zk6D5B3R7aRv+VWBqKJe+Sq+TfKCozbZAybKN+g:03QTvB6zk6D97+mEJ++pbbax

Score

1^/10

Malware Config

Signatures

Files

04ee50526f9ac6e2670d0746b0bdba27_JaffaCakes118
.exe windows:5 windows x86 arch:x86

982880a707f2286c5303392cba4718c5

Code Sign

06:e6:6d:c9:03:c5:89:86:7a:54:53:bb:e4:1a:a7:a4
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 00:00

Not After

05/05/2021, 12:00

Subject

CN=GetData Pty Ltd,O=GetData Pty Ltd,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:65:e4:96:c9:f8:22:ae:a2:a8:3b:11:a9:0d:57:4d:05:bf:f9:5c:ff:00:af:fc:93:06:80:26:b8:d8:7c:e8
Signer

Actual PE Digest

59:65:e4:96:c9:f8:22:ae:a2:a8:3b:11:a9:0d:57:4d:05:bf:f9:5c:ff:00:af:fc:93:06:80:26:b8:d8:7c:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
FindFirstFileA
FindNextFileA
FindClose
CreateMutexA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
CreateSemaphoreA
ReleaseSemaphore
CreateFileMappingA
MapViewOfFileEx
CreateFileA
GetFileSizeEx
FormatMessageA
LocalFree
CreateDirectoryA
RemoveDirectoryA
SetEndOfFile
SetFilePointerEx
WriteFile
GetProcAddress
OpenProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
LoadLibraryA
AreFileApisANSI
GetExitCodeProcess
CreateProcessA
FreeLibrary
GetStdHandle
GetConsoleMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
SetFileTime
IsWow64Process
GetProfileStringA
FlushFileBuffers
GetFileTime
ReadFile
SetFilePointer
ExitProcess
TlsGetValue
TlsSetValue
LocalAlloc
MapViewOfFile
GetLastError
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
TlsAlloc
SetEvent
CreateEventA
OpenEventA
WaitForMultipleObjects
IsBadWritePtr
OpenSemaphoreA
FlushInstructionCache
GetVersion
DeviceIoControl
LockFile
UnlockFile
IsBadStringPtrA
IsBadStringPtrW
GetDriveTypeA
ReadConsoleW
CreateFileW
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetEnvironmentVariableA
GetConsoleCP
GetModuleFileNameW
GetOEMCP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
GetCPInfo
HeapReAlloc
GetModuleHandleExW
GetFileType
RtlUnwind
RaiseException
GetStringTypeW
SwitchToThread
GetProcessTimes
Sleep
IsBadReadPtr
GetComputerNameA
GetNativeSystemInfo
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
SetLastError
GetModuleHandleExA
GetModuleHandleA
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetVersionExA
SetPriorityClass
TlsFree
SetThreadPriority
GetCurrentThread
TerminateProcess
HeapFree
GetCurrentDirectoryA
SetConsoleCtrlHandler
GetACP
SystemTimeToFileTime
GetTempPathA
GetLocalTime
GetDiskFreeSpaceA
GetUserDefaultUILanguage
GetExitCodeThread
GetCurrentThreadId
DuplicateHandle
GetTickCount
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapAlloc
DecodePointer
EncodePointer
OpenFileMappingA
HeapCreate

user32

GetSystemMenu
AppendMenuA
LoadStringA
wsprintfA
DrawMenuBar
TranslateMessage
DispatchMessageA
GetSystemMetrics
MessageBoxA
CharLowerBuffA
CharUpperBuffA
CallMsgFilterA
PeekMessageA

shell32

ShellExecuteExA

advapi32

SystemFunction036
StartServiceA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegFlushKey
RegDeleteKeyA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
GetUserNameA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ReadEventLogA
CloseEventLog
OpenEventLogA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

inet_addr
bind
getpeername
WSAGetLastError
socket
shutdown
setsockopt
send
select
recvfrom
getsockopt
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
gethostbyaddr
inet_ntoa
htons
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo
gethostname
sendto
gethostbyname
recv

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

__wibu00
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu02
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu03
Size: - Virtual size: 849KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu04
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu05
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu06
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu07
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu08
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu09
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0a
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu0b
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0c
Size: 50KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0d
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

982880a707f2286c5303392cba4718c5

Code Sign

06:e6:6d:c9:03:c5:89:86:7a:54:53:bb:e4:1a:a7:a4Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

59:65:e4:96:c9:f8:22:ae:a2:a8:3b:11:a9:0d:57:4d:05:bf:f9:5c:ff:00:af:fc:93:06:80:26:b8:d8:7c:e8Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

version

ws2_32

winhttp

Exports

Exports

Sections

__wibu00 Size: 10.3MB - Virtual size: 10.3MB

__wibu01 Size: 73KB - Virtual size: 73KB

__wibu02 Size: 623KB - Virtual size: 623KB

__wibu03 Size: - Virtual size: 849KB

__wibu04 Size: 27KB - Virtual size: 26KB

__wibu05 Size: 3KB - Virtual size: 3KB

__wibu06 Size: 512B - Virtual size: 160B

__wibu07 Size: - Virtual size: 88B

__wibu08 Size: 512B - Virtual size: 93B

__wibu09 Size: 774KB - Virtual size: 773KB

.rsrc Size: 15.2MB - Virtual size: 15.2MB

__wibu0a Size: 1.5MB - Virtual size: 1.5MB

__wibu0b Size: 6KB - Virtual size: 8KB

__wibu0c Size: 50KB - Virtual size: 68KB

__wibu0d Size: 111KB - Virtual size: 112KB

06:e6:6d:c9:03:c5:89:86:7a:54:53:bb:e4:1a:a7:a4
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

59:65:e4:96:c9:f8:22:ae:a2:a8:3b:11:a9:0d:57:4d:05:bf:f9:5c:ff:00:af:fc:93:06:80:26:b8:d8:7c:e8
Signer

__wibu00
Size: 10.3MB - Virtual size: 10.3MB

__wibu01
Size: 73KB - Virtual size: 73KB

__wibu02
Size: 623KB - Virtual size: 623KB

__wibu03
Size: - Virtual size: 849KB

__wibu04
Size: 27KB - Virtual size: 26KB

__wibu05
Size: 3KB - Virtual size: 3KB

__wibu06
Size: 512B - Virtual size: 160B

__wibu07
Size: - Virtual size: 88B

__wibu08
Size: 512B - Virtual size: 93B

__wibu09
Size: 774KB - Virtual size: 773KB

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

__wibu0a
Size: 1.5MB - Virtual size: 1.5MB

__wibu0b
Size: 6KB - Virtual size: 8KB

__wibu0c
Size: 50KB - Virtual size: 68KB

__wibu0d
Size: 111KB - Virtual size: 112KB