08b0c7518528ebd3adf4175149e8ca6a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

08b0c7518528ebd3adf4175149e8ca6a_JaffaCakes118
Size

1.9MB
MD5

08b0c7518528ebd3adf4175149e8ca6a
SHA1

5306315805ca6ada34038d77d7d11edb405f5d67
SHA256

14d4488a60d84fb4dee0eeabbad515e942ec56b46b401d5dd0b59d09fda442d1
SHA512

68e1a7224e4c8b12426994711965e170f55b484ed2fe0a9286fb8606d6f4eb1793892d6188fdc245125ea0695a50f17c2bf266f4276f7e77e52161fdf97c0ad2
SSDEEP

24576:fuc604vSbuxyX67A1uFfTt2Ajf7KQDpuTHHtUwR7q5JQJComF+uv:B4vSK+OA1u5t2Ajf6THHP8JQJCUu

Score

1^/10

Malware Config

Signatures

Files

08b0c7518528ebd3adf4175149e8ca6a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7af09c1152aef4f04fa4b1d122a1ce56

Code Sign

0f:11:1d:d9:c7:1b:88:87:1b:cc:15:55:43:18:87:e1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-04-2015 00:00

Not After

15-12-2015 12:00

Subject

SERIALNUMBER=17834147000180,CN=RBM Solutions (RBM SOLUCOES EM MARKETING LTDA),O=RBM Solutions (RBM SOLUCOES EM MARKETING LTDA),POSTALCODE=04040-003,STREET=Rua Loefgren\, 1304,L=Vila Clementino,ST=São Paulo,C=BR,1.3.6.1.4.1.311.60.2.1.3=#13024252,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:eb:db:f7:05:33:c5:b0:da:e5:ea:8a:32:68:59:15:c4:ba:49:f4
Signer

Actual PE Digest

1a:eb:db:f7:05:33:c5:b0:da:e5:ea:8a:32:68:59:15:c4:ba:49:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\www\binaries\ncupons\bin\Release\Win32\ncupons.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

nfapi

?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_free@nfapi@@YAXXZ
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_setOptions@nfapi@@YAXKK@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z

protocolfilters

?PFObject_create@ProtocolFilters@@YAPAVPFObject@1@HH@Z
?pf_init@ProtocolFilters@@YAHPAVPFEvents@1@PB_W@Z
?pf_getNFEventHandler@ProtocolFilters@@YAPAVNF_EventHandler@nfapi@@XZ
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_setRootSSLCertSubject@ProtocolFilters@@YAXPBD@Z
?pf_postObject@ProtocolFilters@@YAH_KPAVPFObject@1@@Z
?pf_free@ProtocolFilters@@YAXXZ

kernel32

SetFileAttributesA
SetFileAttributesW
SetFilePointer
GetTempPathA
MoveFileA
MoveFileW
CompareFileTime
GetSystemTime
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThreadId
GetTickCount
FormatMessageA
GetComputerNameW
GetACP
GetOEMCP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileSize
ReadFile
SetEndOfFile
WriteFile
GetVersionExA
CreateFileW
GetProcAddress
LoadLibraryA
FreeLibrary
GetSystemTimeAsFileTime
DuplicateHandle
GetCurrentProcess
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedExchange
GetStringTypeW
IsProcessorFeaturePresent
HeapFree
HeapAlloc
CreateTimerQueueTimer
HeapReAlloc
GetCommandLineW
RtlUnwind
GetTimeZoneInformation
GetProcessHeap
RaiseException
ExitThread
LoadLibraryExW
TlsGetValue
GetCPInfo
CreateTimerQueue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SwitchToThread
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
GetFileType
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetThreadPriority
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryW
UnregisterWait
WriteConsoleW
SetEnvironmentVariableA
GetThreadPriority
SignalObjectAndWait
GetFullPathNameW
GetFullPathNameA
GetFileAttributesW
GetFileAttributesA
DeleteFileA
CreateFileA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
MultiByteToWideChar
GetModuleFileNameW
WideCharToMultiByte
GetModuleHandleW
CreateThread
DeleteFileW
CloseHandle
CreateEventW
GetLastError
GetTempPathW
Sleep
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
IsDebuggerPresent

advapi32

CryptEnumProvidersA
SetServiceStatus
RegisterServiceCtrlHandlerW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextA
RegQueryValueExA
RegSetValueExA
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptExportKey
CryptCreateHash
CryptDestroyHash
CryptGetUserKey
CryptAcquireContextW
CryptSetHashParam
CryptSignHashA
CryptGetProvParam
StartServiceCtrlDispatcherW

shell32

ShellExecuteW

shlwapi

PathFileExistsW

ws2_32

setsockopt
shutdown
socket
gethostbyname
WSAStartup
WSAGetLastError
ioctlsocket
connect
send
bind
__WSAFDIsSet
inet_ntoa
getsockname
getsockopt
htons
inet_addr
select
recv
closesocket
ntohs

crypt32

CertDuplicateCertificateContext
CertCreateCertificateContext
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertNameToStrW
CertOpenStore
CertCloseStore
CertGetSubjectCertificateFromStore
CertEnumCertificatesInStore
CryptEncodeObject
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CryptMsgControl
CryptEncryptMessage
CryptDecryptMessage
CryptDecodeObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 483KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7af09c1152aef4f04fa4b1d122a1ce56

Code Sign

0f:11:1d:d9:c7:1b:88:87:1b:cc:15:55:43:18:87:e1Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

1a:eb:db:f7:05:33:c5:b0:da:e5:ea:8a:32:68:59:15:c4:ba:49:f4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

version

nfapi

protocolfilters

kernel32

advapi32

shell32

shlwapi

ws2_32

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 483KB - Virtual size: 483KB

.data Size: 87KB - Virtual size: 120KB

.rsrc Size: 35KB - Virtual size: 35KB

0f:11:1d:d9:c7:1b:88:87:1b:cc:15:55:43:18:87:e1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

1a:eb:db:f7:05:33:c5:b0:da:e5:ea:8a:32:68:59:15:c4:ba:49:f4
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 483KB - Virtual size: 483KB

.data
Size: 87KB - Virtual size: 120KB

.rsrc
Size: 35KB - Virtual size: 35KB