3a8db3ad73b5e21eed3b7a7581e5f38b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a8db3ad73b5e21eed3b7a7581e5f38b_JaffaCakes118
Size

4.0MB
MD5

3a8db3ad73b5e21eed3b7a7581e5f38b
SHA1

e04a2f4574adec6d2185130276dcda1768cf963c
SHA256

d4861ad679d776f0d5af86197fffae028eb36f6ad00c16a7c47bcfcf57085dc3
SHA512

ad30e0cea1e936474adbded87e726d6fca4bc5b33c1655dc47de10144269847fa22b15afd35c398770a3b6f2c712a4332801e55b6a49f6414faa1b8b9376bfc2
SSDEEP

49152:yMVwASOjGtlqa1IU6i97x5Vk84gnkLML2NRkiKMrP6EXkmwCxB52LKs60V6uOnWB:gS+Nx/kJwCxB9gORjGmmv2wf

Score

1^/10

Malware Config

Signatures

Files

3a8db3ad73b5e21eed3b7a7581e5f38b_JaffaCakes118
.exe windows:6 windows x64 arch:x64

18116b9942f38ac0631aac254596e106

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:18:0e:73:1d:ed:c7:24:0d:37:1b:7b:3b:4e:e3:e8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/05/2016, 00:00

Not After

17/06/2018, 23:59

Subject

CN=Bitrix\, Inc,O=Bitrix\, Inc,L=Alexandria,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:71:e5:26:58:9d:89:43:df:a2:a4:50:65:44:78:63:e8:8e:fc:32
Signer

Actual PE Digest

07:71:e5:26:58:9d:89:43:df:a2:a4:50:65:44:78:63:e8:8e:fc:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\VS_Projects\BitrixDesktop\win\disk\x64\Release\BDisk.pdb

Imports

wldap32

ord26
ord41
ord50
ord60
ord211
ord27
ord32
ord33
ord46
ord22
ord35
ord79
ord30
ord200
ord301
ord143

ws2_32

WSAIoctl
getpeername
select
recvfrom
inet_pton
listen
connect
bind
accept
WSASetLastError
send
recv
freeaddrinfo
getaddrinfo
WSACleanup
ntohs
getsockopt
getsockname
ioctlsocket
closesocket
WSAStartup
inet_addr
socket
htons
sendto
setsockopt
WSAGetLastError
gethostname
htonl
ntohl
__WSAFDIsSet

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData
CertGetCertificateContextProperty

ntdll

RtlCaptureContext
VerSetConditionMask
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
NtCreateSection
NtMapViewOfSection
RtlLookupFunctionEntry

kernel32

GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
InitializeSListHead
GetStartupInfoW
GetCPInfo
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FileTimeToSystemTime
SetStdHandle
LoadLibraryExW
ExitProcess
GetTimeZoneInformation
SetConsoleCtrlHandler
GetDriveTypeW
IsDebuggerPresent
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
TzSpecificLocalTimeToSystemTime
GetModuleFileNameA
FindFirstFileW
SetLastError
FindNextFileW
FindClose
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetTempPathA
GetLastError
SetConsoleOutputCP
GetTempFileNameA
CreateDirectoryW
SetFileTime
FindNextFileA
GetTempPathW
CreateFileW
SetFileAttributesW
GetFileAttributesA
GetFileAttributesExW
CreateFileA
DeleteFileA
DeleteFileW
CloseHandle
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
GetFileSize
SystemTimeToFileTime
GetSystemTimeAsFileTime
CreateDirectoryA
GetSystemTime
GetTickCount
MoveFileW
GetFileTime
WaitForSingleObject
FindFirstChangeNotificationW
Sleep
FindNextChangeNotification
ReadFile
GetFileSizeEx
TlsSetValue
GetCurrentProcess
WriteFile
LockFile
SetFilePointer
SetEndOfFile
CreateMutexW
CreateMutexA
GetCurrentThreadId
ReleaseMutex
UnmapViewOfFile
OpenProcess
GetVersion
CreateEventW
OpenMutexA
FlushViewOfFile
SetEvent
TlsAlloc
GetSystemInfo
CreateThread
GetOverlappedResult
UnlockFile
LockFileEx
GetCurrentProcessId
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFileEx
FlushFileBuffers
GetVolumeInformationW
LocalFree
SizeofResource
HeapFree
GetStdHandle
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
HeapSize
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
FlushConsoleInputBuffer
PeekConsoleInputW
DeleteCriticalSection
GetProcessHeap
CancelIo
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObjectEx
WriteConsoleW
CreateSemaphoreW
SleepEx
GetLongPathNameW
lstrlenW
ReadDirectoryChangesW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
InitializeCriticalSection
GetFullPathNameA
UnlockFileEx
HeapValidate
FormatMessageW
GetDiskFreeSpaceA
OutputDebugStringW
LoadLibraryA
HeapCompact
CreateFileMappingA
FreeLibrary
MapViewOfFile
QueryPerformanceCounter
GetTickCount64
CreateMemoryResourceNotification
GetUserDefaultUILanguage
GetVersionExW
GetUserDefaultLCID
GetFileInformationByHandleEx
SetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleHandleW
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
MoveFileExW
SetFilePointerEx
GetCommandLineW
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileInformationByHandle
QueueUserAPC

user32

MessageBoxA
MessageBoxW
CharLowerW
GetProcessWindowStation
GetUserObjectInformationW
GetUserObjectSecurity
wsprintfW

advapi32

RegQueryValueExW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptAcquireContextW
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptAcquireContextA
SystemFunction036

shell32

SHCreateItemFromParsingName
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
SHChangeNotify

ole32

CoInitializeEx
CoCreateInstance

shlwapi

PathFindFileNameW

Exports

Exports

zip_close
zip_discard
zip_error_code_system
zip_error_code_zip
zip_error_fini
zip_error_init
zip_error_init_with_code
zip_error_set
zip_error_strerror
zip_error_system_type
zip_error_to_data
zip_file_add
zip_file_replace
zip_get_name
zip_name_locate
zip_open
zip_open_from_source
zip_register_progress_callback
zip_source_begin_write
zip_source_buffer
zip_source_buffer_create
zip_source_close
zip_source_commit_write
zip_source_error
zip_source_file
zip_source_file_create
zip_source_filep
zip_source_filep_create
zip_source_free
zip_source_function
zip_source_function_create
zip_source_keep
zip_source_make_command_bitmap
zip_source_open
zip_source_read
zip_source_rollback_write
zip_source_seek
zip_source_seek_compute_offset
zip_source_seek_write
zip_source_stat
zip_source_tell
zip_source_tell_write
zip_source_win32handle
zip_source_win32handle_create
zip_source_win32w
zip_source_win32w_create
zip_source_write
zip_stat_index
zip_stat_init
zip_strerror

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18116b9942f38ac0631aac254596e106

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

27:18:0e:73:1d:ed:c7:24:0d:37:1b:7b:3b:4e:e3:e8Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

07:71:e5:26:58:9d:89:43:df:a2:a4:50:65:44:78:63:e8:8e:fc:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

ws2_32

crypt32

ntdll

kernel32

user32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 692KB - Virtual size: 692KB

.data Size: 94KB - Virtual size: 323KB

.pdata Size: 118KB - Virtual size: 118KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 23KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

27:18:0e:73:1d:ed:c7:24:0d:37:1b:7b:3b:4e:e3:e8
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

07:71:e5:26:58:9d:89:43:df:a2:a4:50:65:44:78:63:e8:8e:fc:32
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 692KB - Virtual size: 692KB

.data
Size: 94KB - Virtual size: 323KB

.pdata
Size: 118KB - Virtual size: 118KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 23KB - Virtual size: 23KB