4f191085577d62b1d5fb1b195fbdb014_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4f191085577d62b1d5fb1b195fbdb014_JaffaCakes118
Size

3.0MB
MD5

4f191085577d62b1d5fb1b195fbdb014
SHA1

ef3117bedf5d8e029099c43fdd55ca754e7102b8
SHA256

52172adaf1aa646bb756721b8311313de8ce33ca70d8182616f231beffae9d76
SHA512

0156e1bf93bf83e14e20b0f07da0ef1c9516e9ff54ced1118c2f29257866b20562c3d980ebf8373b81c286ebe1bc0c1fb3e144821898f0da64b561120c3df9b1
SSDEEP

49152:LBxZSFvxuCTFbtvX0xjKbv5n9D9lehTJyDM6:YuCTX+e5NS0

Score

1^/10

Malware Config

Signatures

Files

4f191085577d62b1d5fb1b195fbdb014_JaffaCakes118
.dll windows:6 windows x64 arch:x64

9da8d0f3dc3baf7d645bc8cb1db934e8

Code Sign

61:1a:f5:ea:00:00:00:00:00:6a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2011, 22:39

Not After

01/02/2013, 22:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:49:55:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:45

Not After

10/01/2013, 20:55

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:76:ef:60:63:6d:35:4d:07:34:95:65:d2:55:94:ba:09:8e:a3:e3:01:60:f5:81:f0:7a:80:0f:85:5c:c1:13
Signer

Actual PE Digest

04:76:ef:60:63:6d:35:4d:07:34:95:65:d2:55:94:ba:09:8e:a3:e3:01:60:f5:81:f0:7a:80:0f:85:5c:c1:13

Digest Algorithm

sha256

PE Digest Matches

true

18:f5:af:75:fb:d9:82:4e:3e:81:44:2c:f6:b7:f5:b8:2e:b5:8e:fa
Signer

Actual PE Digest

18:f5:af:75:fb:d9:82:4e:3e:81:44:2c:f6:b7:f5:b8:2e:b5:8e:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ext.pdb

Imports

msvcrt

_fileno
localeconv
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
iswctype
isleadbyte
memset
__badioinfo
__pioinfo
_isatty
_lseeki64
ungetc
_ismbblead
?terminate@@YAXXZ
_onexit
wcstombs
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
abort
memcmp
__crtCompareStringA
___lc_collate_cp_func
islower
__crtLCMapStringA
___lc_codepage_func
___lc_handle_func
__pctype_func
memcpy
setlocale
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler
_errno
fwrite
_mbsnbicmp
_mbsninc
fclose
fread
fscanf
feof
rewind
ftell
fseek
fopen
_ltoa
atof
isupper
toupper
wcschr
towlower
wcstod
tolower
printf
calloc
wcstok
ispunct
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_strrev
_close
_write
_open
wcstoul
??_V@YAXPEAX@Z
_msize
wcsrchr
_strupr
qsort
_strcmpi
_strlwr
iswprint
wcsstr
_wcsnicmp
isprint
isdigit
_strdup
strpbrk
time
ctime
localtime
isspace
_vsnwprintf
getenv
_vscwprintf
wcsncpy
_snwprintf
iswdigit
strtoul
wcsncmp
isxdigit
strtol
strstr
_wtoi
_strnicmp
_strtoui64
strncmp
atoi
strtok
_vsnprintf
malloc
free
strrchr
strchr
realloc
memchr
_wcsicmp
_purecall
_stricmp
?what@exception@@UEBAPEBDXZ
memmove
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_read
??3@YAXPEAX@Z
log10

advapi32

OpenEventLogA
ReportEventA
CloseEventLog

dbgeng

DebugCreate

dbghelp

ImageNtHeader
FindExecutableImageEx
SymFindFileInPath

kernel32

GetTimeZoneInformation
GetLocalTime
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
SetLastError
FormatMessageA
MapViewOfFile
CreateFileMappingA
GetThreadLocale
FindFirstFileA
GetModuleHandleA
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
ReadFile
GetFileSize
RaiseException
GetUserGeoID
DebugBreak
HeapAlloc
HeapReAlloc
DeleteFileA
Sleep
GetTickCount
GetCurrentThreadId
CopyFileA
CreateDirectoryA
ExpandEnvironmentStringsA
WriteFile
SetEndOfFile
SetFilePointer
UnmapViewOfFile
LoadLibraryA
HeapFree
GetProcessHeap
CloseHandle
CreateFileA
LocalAlloc
LocalFree
FileTimeToLocalFileTime
GetComputerNameA
SystemTimeToFileTime
lstrcmpA
FileTimeToSystemTime
GetLocaleInfoA
GetSystemTimeAsFileTime
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte

shell32

ShellExecuteA

Exports

Exports

DebugExtensionInitialize
DebugExtensionNotify
DebugExtensionUninitialize
_EFN_DbAddCrashDirect
_EFN_ExtDllQueryDataByTag
_EFN_FindSrInfo
_EFN_GetDataFromXml
_EFN_GetDebugFailureAnalysis
_EFN_GetFailureAnalysis
_EFN_GetTargetInfo
_EFN_GetTriageFollowupFromSymbol
_EFN_ReloadTriager
addrbias
address
analyze
analyzeuexception
asd
bft
chkallimg
chkimg
cppexr
cpuid
createsprivateheap
cxr
dblob
ddstack
dml_proc
doescallhsi
dumpfa
dumptype
eflags
elog_str
error
exchain
exr
fi
findgifs
findjpegs
findjpgs
findpngs
findthebuild
findxmldata
fis
for_each_frame
for_each_function
for_each_local
for_each_module
for_each_process
for_each_register
for_each_thread
frame
framesize
frlo
gle
gs
gsfriendlyinit
hashblob
hashcmdresults
hbdna
heap
heapcorruption
help
imggp
imgreloc
imports
inframe
inmodule
inthread
irop
iscomobject
isgsprotectedfunc
ismanagedmod
isnxcompat
isregobjptr
isresourceonly
istruncatedmodpointer
kup
list
ltoo
net_send
obja
opcodemap
owner
pooltag
r
recursive
rtlavl
ruleinfo
sel
showexports
showimports
showresources
solvebucket
std_map
str
targetinfo
threads
ticket
trap
tss
u
ufs
url
usbdata
usesaslr
usesbannedapi
usessafeseh
ustr
whatdllnotfound

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 247KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9da8d0f3dc3baf7d645bc8cb1db934e8

Code Sign

61:1a:f5:ea:00:00:00:00:00:6aCertificate

Extended Key Usages

Key Usages

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:05:49:55:00:00:00:00:00:0bCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

04:76:ef:60:63:6d:35:4d:07:34:95:65:d2:55:94:ba:09:8e:a3:e3:01:60:f5:81:f0:7a:80:0f:85:5c:c1:13Signer

18:f5:af:75:fb:d9:82:4e:3e:81:44:2c:f6:b7:f5:b8:2e:b5:8e:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

dbgeng

dbghelp

kernel32

shell32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 247KB - Virtual size: 349KB

.pdata Size: 35KB - Virtual size: 34KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 47KB - Virtual size: 47KB

61:1a:f5:ea:00:00:00:00:00:6a
Certificate

61:05:19:96:00:00:00:00:00:1b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

61:05:49:55:00:00:00:00:00:0b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

04:76:ef:60:63:6d:35:4d:07:34:95:65:d2:55:94:ba:09:8e:a3:e3:01:60:f5:81:f0:7a:80:0f:85:5c:c1:13
Signer

18:f5:af:75:fb:d9:82:4e:3e:81:44:2c:f6:b7:f5:b8:2e:b5:8e:fa
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 247KB - Virtual size: 349KB

.pdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 47KB - Virtual size: 47KB