4c828e6887c195250b3ac3b702bf61ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c828e6887c195250b3ac3b702bf61ac_JaffaCakes118
Size

384KB
MD5

4c828e6887c195250b3ac3b702bf61ac
SHA1

1a638b7c5cc88945c44668d59849cbb0eee6463b
SHA256

e30f1ea0b6e3b7fa083270a1de65103b54ee7c78049282ae17060435dfbee051
SHA512

6a43339f3a5fd1128e4f0a7324d6325f1cdc02c34c061def837c473df16c774798d62ec9b44b7d40a2a61500e772fc3755fa0fa20cbf9c32eb3ffbdf116b5609
SSDEEP

6144:3XR8wObqRyN8tc7rmr4vkU4FWJkcby0I8IdUZTm+m9PG9+BeDHGFm:3BQKc7rUEyWdI8ISlCBIIm

Score

1^/10

Malware Config

Signatures

Files

4c828e6887c195250b3ac3b702bf61ac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6e2e60f8ba26f912ea4215781361b8f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:d4:c3:c8:ec:d0:47:94:47:82:da:41:3d:46:0e:8e
Certificate

Issuer

CN=Emsisoft Anti-Malware

Not Before

08/02/2019, 17:39

Not After

31/12/2039, 23:59

Subject

CN=Emsisoft Anti-Malware

b1:bb:b8:7d:9c:90:5e:ef:84:0a:26:27:d0:62:b7:d2:a7:ab:62:5a
Signer

Actual PE Digest

b1:bb:b8:7d:9c:90:5e:ef:84:0a:26:27:d0:62:b7:d2:a7:ab:62:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA
GetClassNameA
LoadStringA
EnumWindows
SetWindowsHookExA
MessageBoxIndirectW
DialogBoxParamW
PostMessageA
EnableScrollBar
CallWindowProcA
PeekMessageA
IsDialogMessageA
DispatchMessageA
SetWindowLongA
CreateDialogParamW
GetWindowLongA
GetWindowTextA
LoadImageA
SendMessageA
EnumDisplayMonitors
GetMonitorInfoA
KillTimer
SetTimer
CharNextW
PostThreadMessageW
CharUpperW
UnregisterClassW
LoadCursorW
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
EndPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
UnregisterClassA
GetWindowTextW
GetWindowTextLengthW
EnumThreadWindows
SendMessageW
EnableWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA

kernel32

FreeConsole
RtlUnwind
OutputDebugStringW
LoadLibraryExW
LCMapStringEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTickCount64
GetSystemTimeAsFileTime
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
InterlockedDecrement
InterlockedIncrement
DecodePointer
EncodePointer
IsDebuggerPresent
ResumeThread
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
RaiseException
FreeResource
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
MoveFileW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameW
FileTimeToSystemTime
lstrlenA
GetFileTime
HeapFree
HeapAlloc
ConvertDefaultLocale
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
Sleep
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetProcAddress
GetModuleHandleA
GetProcessHeap
GetCurrentDirectoryA
SetEnvironmentVariableW
ReleaseSemaphore
CreateSemaphoreA
GetShortPathNameW
CloseHandle
GetFileSizeEx
CreateFileW
CopyFileW
FlushFileBuffers
WriteFile
GetSystemTime
WaitForSingleObject
GetLastError
CreateMutexW
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
DeleteFileW
SetFileAttributesW
SetCurrentDirectoryW
GetVolumeInformationW
SetErrorMode
lstrcpyW
GetCurrentDirectoryW
GetTempPathW
ReadFile
GetFileSize
GetDriveTypeA
GetLogicalDriveStringsA
FindNextFileW
FreeLibrary
LoadResource
FindResourceExW
LoadLibraryW
GetModuleFileNameW
ReleaseMutex
SetLastError
GetUserDefaultLangID
GetTempFileNameW
SizeofResource
GetThreadLocale
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
GetVersionExW
FormatMessageW
lstrcatW
GetFileAttributesExW
GetCommandLineW
GetStdHandle
GlobalMemoryStatusEx
IsProcessorFeaturePresent
GetSystemInfo
GetSystemWindowsDirectoryW
GetLogicalDriveStringsW
CreateDirectoryW
GetTickCount
RemoveDirectoryW
GlobalUnlock
GlobalLock
FindResourceW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetFilePointerEx
SetFilePointer
MulDiv
GlobalAlloc
GlobalFree
GetModuleHandleW
GlobalDeleteAtom
lstrcmpW
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
CreateMutexA
GetStringTypeExA
GetLogicalDrives
QueryPerformanceFrequency
CreateEventA
PulseEvent
OutputDebugStringA
GetFullPathNameA
LockFileEx
GetTempPathA
GetFileAttributesA
DeleteFileA
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
GetDateFormatA
GetTimeFormatA

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e2e60f8ba26f912ea4215781361b8f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:d4:c3:c8:ec:d0:47:94:47:82:da:41:3d:46:0e:8eCertificate

b1:bb:b8:7d:9c:90:5e:ef:84:0a:26:27:d0:62:b7:d2:a7:ab:62:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 296KB - Virtual size: 296KB

.data Size: 4KB - Virtual size: 115KB

.rsrc Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:d4:c3:c8:ec:d0:47:94:47:82:da:41:3d:46:0e:8e
Certificate

b1:bb:b8:7d:9c:90:5e:ef:84:0a:26:27:d0:62:b7:d2:a7:ab:62:5a
Signer

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 296KB - Virtual size: 296KB

.data
Size: 4KB - Virtual size: 115KB

.rsrc
Size: 13KB - Virtual size: 12KB