3ab948afc24f089603e4bbb13a10e31f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ab948afc24f089603e4bbb13a10e31f_JaffaCakes118
Size

293KB
MD5

3ab948afc24f089603e4bbb13a10e31f
SHA1

1341c110d807e3250b20646ad92de3d2b54cf59e
SHA256

49ad85dd591aa1cda422fd313e3145db793f8691664a53caac3afe11be0bd383
SHA512

15452b7bd5adf68000f570405079ce3f64c4528e7c90e09fd1d1dde306b24f69dad1b963595881fc42221896e4c0aa5a098bc6c1b3e0d2fe029a5fa9fefa072a
SSDEEP

6144:BBtCCGNRpVUW6BgpHT5iSpRMAluoN8pu2waV/Le:ntCLNRpVUBgpUcM+TNSu2RRLe

Score

1^/10

Malware Config

Signatures

Files

3ab948afc24f089603e4bbb13a10e31f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7300facee657590d1f88488385d31ce8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:8a:12:19:04:98:0e:51:ba:8f:93:77:71:1d:a5:69
Certificate

Issuer

CN=Eset NOD32 Antivirus

Not Before

29/01/2019, 09:52

Not After

31/12/2039, 23:59

Subject

CN=Eset NOD32 Antivirus

97:21:1c:cb:54:d0:e1:70:bc:55:f7:de:96:d8:08:06:b8:52:27:30
Signer

Actual PE Digest

97:21:1c:cb:54:d0:e1:70:bc:55:f7:de:96:d8:08:06:b8:52:27:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
DeleteCriticalSection
GetModuleHandleExW
GetCurrentThreadId
SetLastError
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
RaiseException
FreeResource
CompareStringW
GlobalFindAtomW
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
MoveFileW
LockFile
UnlockFile
LoadLibraryExW
GetFullPathNameW
ConvertDefaultLocale
GetStartupInfoW
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
ExitThread
Sleep
CreateThread
VirtualAlloc
VirtualQuery
GetModuleFileNameA
GetFileTime
GetSystemTimeAsFileTime
GlobalReAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
RtlUnwind
OutputDebugStringW
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
VirtualProtect
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetFilePointerEx
WriteConsoleW
CreateFileW
DuplicateHandle
GetProcAddress
GetModuleHandleA
lstrlenA
TerminateProcess
ResumeThread
CloseHandle
WriteFile
GetCommandLineA
MultiByteToWideChar
LCMapStringW
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
GetFileType
GetVersionExA
SetUnhandledExceptionFilter
GetStringTypeW
SetStdHandle
WideCharToMultiByte
HeapReAlloc
LoadLibraryA
FileTimeToSystemTime
GetCurrentProcess
GetLastError
GetLocalTime
ExitProcess
SetEndOfFile
FlushFileBuffers

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7300facee657590d1f88488385d31ce8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4b:8a:12:19:04:98:0e:51:ba:8f:93:77:71:1d:a5:69Certificate

97:21:1c:cb:54:d0:e1:70:bc:55:f7:de:96:d8:08:06:b8:52:27:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 5KB - Virtual size: 164KB

.rsrc Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:8a:12:19:04:98:0e:51:ba:8f:93:77:71:1d:a5:69
Certificate

97:21:1c:cb:54:d0:e1:70:bc:55:f7:de:96:d8:08:06:b8:52:27:30
Signer

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 5KB - Virtual size: 164KB

.rsrc
Size: 2KB - Virtual size: 2KB