5e8532445332f1066a947a9a7a28de5c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e8532445332f1066a947a9a7a28de5c_JaffaCakes118
Size

378KB
MD5

5e8532445332f1066a947a9a7a28de5c
SHA1

a31b64e1e5d7ba95e6381be1e8ec776f373fb3cb
SHA256

e3d5c6684264ecaeb7cad5bf5a626a634582ebc14610e81a972ac7779eb5165b
SHA512

fd8f00f6fa1b2b19793769b02e50892d50d80353e7b7349ac4268ac8458ae0d4ec5c7411efd64d9aa05494aaf681a0f497675b3b772698a6c9b5f198ee280fbf
SSDEEP

6144:PsMyMZrlyqb2f59hY+eAa7QwTofHRRjnyYY7OTFXKS/f70AiX:0RMTys2fKJ0RK7OTF/7A

Score

1^/10

Malware Config

Signatures

Files

5e8532445332f1066a947a9a7a28de5c_JaffaCakes118
.exe windows:5 windows x64 arch:x64

170be48d259314a46e5ef166bcd7d77c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/06/2015, 00:00

Not After

03/06/2018, 23:59

Subject

CN=Atom Security OOO,OU=development,O=Atom Security OOO,POSTALCODE=630090,STREET=Academician Koptyuga Prospect\, 4\,office 158,L=Novosibirsk,ST=nso,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:22:dd:fd:74:44:73:1e:dc:a4:5f:81:44:c6:d7:c8:c9:ce:a4:3d
Signer

Actual PE Digest

35:22:dd:fd:74:44:73:1e:dc:a4:5f:81:44:c6:d7:c8:c9:ce:a4:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACloseEvent
WSCGetProviderPath
WSCEnumProtocols32
WSCEnumProtocols
WSCDeinstallProvider32
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCDeinstallProvider
WSCInstallProvider
inet_addr
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
socket
htons
WSACreateEvent
WSAEventSelect
connect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket

rpcrt4

UuidCreate

kernel32

HeapReAlloc
CreateFileA
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryW
ExpandEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetLocalTime
DeleteCriticalSection
MoveFileExW
MoveFileW
GetStringTypeW
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
MoveFileExA
MoveFileA
GetTickCount
GetTempPathA
ExpandEnvironmentStringsA
GetVersionExA
CloseHandle
GetCurrentProcess
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
WideCharToMultiByte
GetSystemTime
lstrlenA
FindFirstFileA
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetProcessHeap
LocalFree
SetFilePointer
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
CopyFileA
SetStdHandle
GetSystemTimeAsFileTime
LCMapStringW
IsValidCodePage
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
Sleep
HeapSize
GetModuleHandleW
ExitProcess
GetCPInfo
GetACP
GetOEMCP
QueryPerformanceCounter

user32

wvsprintfA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegRestoreKeyA
RegSaveKeyA
LookupPrivilegeValueA
OpenProcessToken
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceW
CloseServiceHandle
QueryServiceConfigW

ole32

StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

170be48d259314a46e5ef166bcd7d77c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

35:22:dd:fd:74:44:73:1e:dc:a4:5f:81:44:c6:d7:c8:c9:ce:a4:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 6KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

35:22:dd:fd:74:44:73:1e:dc:a4:5f:81:44:c6:d7:c8:c9:ce:a4:3d
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 6KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 10KB - Virtual size: 9KB