48c7123da4b7f1aeecf919467fe0d2f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

48c7123da4b7f1aeecf919467fe0d2f7_JaffaCakes118
Size

2.0MB
MD5

48c7123da4b7f1aeecf919467fe0d2f7
SHA1

0ff98b5e4ebea10be2c18c559fb2412588e75360
SHA256

a53cd54469ab729dfbc0ebfb55989f207a3a4569181cda8083984ae7d106d492
SHA512

89a0972a7cb04510628fae54500e8231de2e547355271ed88b2feef66ef01d2e65428c339c29e30e0e6b47f6458427717e81c8c00129c283d077905f0a5aa0b0
SSDEEP

49152:9ImNufM7B8YBjvfOvM6WwxxX5GX3Eu0hAdPwi+:9HH1vzyMseEuwp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RarLng.dll
unpack001/setup.exe

Files

48c7123da4b7f1aeecf919467fe0d2f7_JaffaCakes118
.zip
RarExt.dll
.dll windows:5 windows x86 arch:x86

392b833468c7c9c5d55a145a71c6f97f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/06/2015, 00:00

Not After

31/05/2017, 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/06/2015, 00:00

Not After

31/05/2017, 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:62:6f:7b:2f:97:e5:4a:61:2a:23:fe:f5:6e:48:89:c9:cb:59:91:33:83:15:c7:bf:1b:6e:b8:87:1c:02:84
Signer

Actual PE Digest

e8:62:6f:7b:2f:97:e5:4a:61:2a:23:fe:f5:6e:48:89:c9:cb:59:91:33:83:15:c7:bf:1b:6e:b8:87:1c:02:84

Digest Algorithm

sha256

PE Digest Matches

true

bc:f6:80:f5:78:13:2c:20:23:6e:97:bc:88:90:f8:ba:61:df:98:58
Signer

Actual PE Digest

bc:f6:80:f5:78:13:2c:20:23:6e:97:bc:88:90:f8:ba:61:df:98:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rarext\build\32\Release\rarext.pdb

Imports

comctl32

DestroyPropertySheetPage
ord8
CreatePropertySheetPageW

kernel32

FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
GetCurrentProcessId
CompareStringA
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetThreadExecutionState
Sleep
GetSystemDirectoryW
SetPriorityClass
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetModuleHandleExW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
GetTempPathW
SetCurrentDirectoryW
WaitForSingleObject
DecodePointer
HeapSize
WriteConsoleW
GetStringTypeW
SetFilePointerEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
QueryPerformanceFrequency
InterlockedFlushSList
GetFullPathNameW
CreateFileW
GetCurrentDirectoryW
GetModuleFileNameW
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
MoveFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
DeviceIoControl
GetFileTime
FlushFileBuffers
GetStdHandle
GetFileType
SetLastError
LoadLibraryW
CloseHandle
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
GetLastError
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetFileAttributesW

user32

SendMessageW
OemToCharBuffA
LoadImageW
GetSysColor
EndPaint
BeginPaint
InsertMenuItemW
CreatePopupMenu
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
MessageBoxW
CreateIcon
CharLowerW
ShowWindow
CharLowerA
CharUpperA
CharUpperW
LoadStringW
GetWindow
GetClassNameW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetSystemMetrics
SetWindowPos
OemToCharA
wsprintfW
GetParent
InvalidateRect
ReleaseDC
GetDC
EnableWindow
GetDlgItem

gdi32

Polygon
SetPixel
GetPixel
GetObjectW
CreateDIBSection
StretchBlt
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
Polyline
SelectObject
TextOutW
SetTextColor
DeleteObject
CreateSolidBrush
CreatePen
GetTextFaceW
GetTextMetricsW
CreateFontW

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

SHGetPathFromIDListW
ShellExecuteExW
DragQueryFileW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
ReleaseStgMedium

oleaut32

VariantChangeType
VariantCopy
VariantClear
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RarLng.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 140KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wibdkixz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ypulrlsq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

392b833468c7c9c5d55a145a71c6f97f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

e8:62:6f:7b:2f:97:e5:4a:61:2a:23:fe:f5:6e:48:89:c9:cb:59:91:33:83:15:c7:bf:1b:6e:b8:87:1c:02:84Signer

bc:f6:80:f5:78:13:2c:20:23:6e:97:bc:88:90:f8:ba:61:df:98:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 139KB

.gfids Size: 512B - Virtual size: 236B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 10KB - Virtual size: 9KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 268KB - Virtual size: 267KB

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 140KB - Virtual size: 280KB

.rsrc Size: 512B - Virtual size: 480B

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 2.6MB

wibdkixz Size: 1.6MB - Virtual size: 1.6MB

ypulrlsq Size: 1KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

fe:46:a1:0a:d9:42:69:c3:dd:22:5c:13:64:53:52:e4
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

e8:62:6f:7b:2f:97:e5:4a:61:2a:23:fe:f5:6e:48:89:c9:cb:59:91:33:83:15:c7:bf:1b:6e:b8:87:1c:02:84
Signer

bc:f6:80:f5:78:13:2c:20:23:6e:97:bc:88:90:f8:ba:61:df:98:58
Signer

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 139KB

.gfids
Size: 512B - Virtual size: 236B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 268KB - Virtual size: 267KB

.rsrc
Size: 512B - Virtual size: 480B

.idata
Size: 512B - Virtual size: 4KB

wibdkixz
Size: 1.6MB - Virtual size: 1.6MB

ypulrlsq
Size: 1KB - Virtual size: 4KB