4571abe273997c1c2445aeb453878fd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4571abe273997c1c2445aeb453878fd9_JaffaCakes118
Size

1.1MB
MD5

4571abe273997c1c2445aeb453878fd9
SHA1

4d0d59609d8ff0f98f7a947fad89ac5cd692d6cd
SHA256

a74760314f1609c263f9769ad630aed3fb191f2b8e1ad67d4dbccc2003c2d947
SHA512

bf826a0637ba5a38c05f7d604103c23bfcc19fc08aa58d3d39aa368a96b7aa1dd248dfd15e0f982bfbe71a3dbd900640706c046c9fee8f7a299b8b816d327841
SSDEEP

24576:yyTfgQr4jPdrek4iiFm0W6x9Hm5hr6Fj/FG+4oa25n08rPx22gFqh5:ZEQr8PxCm76xOhr1+4oaC08Tx2BAh5

Score

1^/10

Malware Config

Signatures

Files

4571abe273997c1c2445aeb453878fd9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a51474c34d56e1739f2986f969fd3bb7

Code Sign

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/05/2018, 00:00

Not After

13/05/2021, 12:00

Subject

SERIALNUMBER=14448767,CN=CRYPTOCOMPANY OÜ,O=CRYPTOCOMPANY OÜ,L=Tartu,C=EE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024545

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/05/2018, 00:00

Not After

13/05/2021, 12:00

Subject

SERIALNUMBER=14448767,CN=CRYPTOCOMPANY OÜ,O=CRYPTOCOMPANY OÜ,L=Tartu,C=EE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024545

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:f3:48:47:e3:f0:a3:22:a0:04:38:2e:1c:f7:0d:1c:53:a7:8a:4c:cd:68:20:69:9a:f8:67:28:49:c4:7f:a0
Signer

Actual PE Digest

7c:f3:48:47:e3:f0:a3:22:a0:04:38:2e:1c:f7:0d:1c:53:a7:8a:4c:cd:68:20:69:9a:f8:67:28:49:c4:7f:a0

Digest Algorithm

sha256

PE Digest Matches

true

c4:0e:85:91:ac:9f:fc:80:c8:ed:94:2d:92:d8:eb:34:47:b4:07:ee
Signer

Actual PE Digest

c4:0e:85:91:ac:9f:fc:80:c8:ed:94:2d:92:d8:eb:34:47:b4:07:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

WaitForSingleObject
SetFilePointer
GetExitCodeProcess
ReadFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrcmpiW
GetTempFileNameW
VerifyVersionInfoW
CopyFileW
CreateProcessW
LocalFree
HeapDestroy
FindResourceW
LoadResource
FindResourceExW
DeleteFileW
LockResource
FormatMessageW
GetTempPathW
RemoveDirectoryW
SizeofResource
CreateDirectoryW
RaiseException
DecodePointer
EncodePointer
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
ReleaseMutex
lstrcmpW
lstrlenW
GetFileAttributesExW
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
GetTickCount
lstrcpynW
MoveFileExW
GetEnvironmentVariableW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
VerSetConditionMask
QueryPerformanceCounter

ole32

CoInitializeEx
CoUninitialize

shell32

ord680
SHGetFolderPathW

user32

EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfW
CharLowerW
OpenClipboard
wvsprintfW
CharLowerBuffW
MessageBoxW

shlwapi

PathCanonicalizeW
PathStripPathW
PathAppendW
PathRemoveExtensionW
PathCommonPrefixW
PathIsRelativeW
PathQuoteSpacesW
PathRemoveFileSpecW

advapi32

TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
SetSecurityDescriptorDacl
GetAclInformation
MakeAbsoluteSD
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
InitializeAcl
AddAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegQueryValueExW

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 967KB - Virtual size: 966KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a51474c34d56e1739f2986f969fd3bb7

Code Sign

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7c:f3:48:47:e3:f0:a3:22:a0:04:38:2e:1c:f7:0d:1c:53:a7:8a:4c:cd:68:20:69:9a:f8:67:28:49:c4:7f:a0Signer

c4:0e:85:91:ac:9f:fc:80:c8:ed:94:2d:92:d8:eb:34:47:b4:07:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shell32

user32

shlwapi

advapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 304B

.rsrc Size: 967KB - Virtual size: 966KB

.reloc Size: 7KB - Virtual size: 7KB

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0f:96:ce:be:82:8e:14:b0:c9:2b:5b:9d:bc:e3:25:61
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7c:f3:48:47:e3:f0:a3:22:a0:04:38:2e:1c:f7:0d:1c:53:a7:8a:4c:cd:68:20:69:9a:f8:67:28:49:c4:7f:a0
Signer

c4:0e:85:91:ac:9f:fc:80:c8:ed:94:2d:92:d8:eb:34:47:b4:07:ee
Signer

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 304B

.rsrc
Size: 967KB - Virtual size: 966KB

.reloc
Size: 7KB - Virtual size: 7KB