5d2e6e357914e4a8a828c732bee11ff9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d2e6e357914e4a8a828c732bee11ff9_JaffaCakes118
Size

296KB
MD5

5d2e6e357914e4a8a828c732bee11ff9
SHA1

4f4964fee89d216da38b1119c01c154561481470
SHA256

0d37df19701b281e0fa964cef87c3956795456d192c452d20e929960fe65afb6
SHA512

2ff522e111788ccc40b2ccc8c700a5f923c821052a2de2dfbba34a3dc7a7e720978b5503217d045a6392261381ce8463793d625c4179a9dfd081acc9fc310311
SSDEEP

3072:oasW2oM5HhsShWlrayxNEVBPTTbxhK+V8qqUJKiFlW7gY8Bx+rvXdtKENdr2A:oaMbMShWlr16B/bHK+VdJBA7SYrvqEuA

Score

1^/10

Malware Config

Signatures

Files

5d2e6e357914e4a8a828c732bee11ff9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4daeec5b6e926ba60538cb5575346edd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:8b:29:49:27:80:67:0e:35:5c:93:52:f7:49:19:54:45:b6:27:1f:70:b6:09:6b:b1:b7:d0:a4:0d:82:8f:82
Signer

Actual PE Digest

c1:8b:29:49:27:80:67:0e:35:5c:93:52:f7:49:19:54:45:b6:27:1f:70:b6:09:6b:b1:b7:d0:a4:0d:82:8f:82

Digest Algorithm

sha256

PE Digest Matches

true

aa:93:ac:a2:d9:3d:fa:91:36:86:0c:40:1d:1c:05:1b:6b:bc:01:7c
Signer

Actual PE Digest

aa:93:ac:a2:d9:3d:fa:91:36:86:0c:40:1d:1c:05:1b:6b:bc:01:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLocalTime
CreateFileW
CopyFileW
GetFileSize
SetFileAttributesW
MoveFileW
MultiByteToWideChar
CreateMutexW
CreateEventW
ReleaseMutex
FindNextFileW
GetModuleHandleW
GetVersionExW
CreateDirectoryW
SetFilePointer
ReadFile
GetTempPathW
GetCurrentProcess
TerminateProcess
SetLastError
DeleteFileW
GetTempFileNameW
MoveFileExW
GetSystemInfo
GetSystemDefaultLangID
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesW
LeaveCriticalSection
LoadLibraryA
lstrlenW
GetCPInfo
DeviceIoControl
GetStdHandle
CreatePipe
DuplicateHandle
ResetEvent
InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
HeapAlloc
CreateFileA
SetEndOfFile
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetSystemDirectoryW
Sleep
SetEvent
OpenEventW
OpenProcess
GetLastError
GetTickCount
FindResourceExW
LoadResource
LockResource
SizeofResource
FindClose
FindFirstFileW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
CloseHandle
FindResourceW
WaitForSingleObject
CreateProcessW
OutputDebugStringW
EnterCriticalSection
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
WriteFile
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
LCMapStringW
LCMapStringA
RtlUnwind
GetFullPathNameW
CreateThread
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
ExitThread
GetCurrentThreadId

user32

DestroyWindow
KillTimer
TranslateMessage
GetMessageW
SetTimer
SetWindowLongW
CreateWindowExW
PostMessageW
SendMessageTimeoutW
UnregisterClassA
DispatchMessageW
FindWindowW
PeekMessageW
MsgWaitForMultipleObjectsEx
DefWindowProcW

advapi32

RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW

ws2_32

htons
htonl

netapi32

Netbios

wininet

HttpQueryInfoW
InternetGetConnectedState
InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4daeec5b6e926ba60538cb5575346edd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

c1:8b:29:49:27:80:67:0e:35:5c:93:52:f7:49:19:54:45:b6:27:1f:70:b6:09:6b:b1:b7:d0:a4:0d:82:8f:82Signer

aa:93:ac:a2:d9:3d:fa:91:36:86:0c:40:1d:1c:05:1b:6b:bc:01:7cSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

netapi32

wininet

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

c1:8b:29:49:27:80:67:0e:35:5c:93:52:f7:49:19:54:45:b6:27:1f:70:b6:09:6b:b1:b7:d0:a4:0d:82:8f:82
Signer

aa:93:ac:a2:d9:3d:fa:91:36:86:0c:40:1d:1c:05:1b:6b:bc:01:7c
Signer

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 5KB