68c13161f04fb586fc8778b70d003e1e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68c13161f04fb586fc8778b70d003e1e_JaffaCakes118
Size

142KB
MD5

68c13161f04fb586fc8778b70d003e1e
SHA1

fa018cdcc8b7329b61b6a0c28e9e1109d25e20ba
SHA256

0cd48f2289fdbb1cf24e61e9bd258452bcc46806965b1e51f6d69a31ef60777a
SHA512

b27999efe3854f2c858d7df11560ef8fa0528ddff1917f1a7c81972dacf2f20ff0e5aa8ecb99f6a1faf5cb3f80245a0735dfb986c50854078dd6447ac66a91f6
SSDEEP

3072:5tQul439NZiYd88+HS7SPlSUmoB7pInBGhBt:5tQul+NZiY97SPlT1iGZ

Score

1^/10

Malware Config

Signatures

Files

68c13161f04fb586fc8778b70d003e1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

14fdc35f0afa2fdd155ceab3a6ff934b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1
Signer

Actual PE Digest

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

initialize

ord10
ord28

saveoperate

ord4

kernel32

SetEnvironmentVariableA
CompareStringW
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RaiseException
FatalAppExitA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetProcAddress
GetLastError
CloseHandle
FlushFileBuffers
WriteFile
HeapSize
ReadFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileW
UnhandledExceptionFilter
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

Exports

Exports

Initi_Ntfs_InFo
NTFS_Free_File_Info
NTFS_Free_Format_Info
NTFS_Free_Glod_Exit
Nfst_GetFormat_NameParentID
Ntfs_Decode_Run
Ntfs_Fat_Cmp
Ntfs_Find_Attribute
Ntfs_Format_BlockSize
Ntfs_Get_Data
Ntfs_Get_Del_File
Ntfs_Get_FlieSize
Ntfs_Get_MFTID
Ntfs_Get_NameParentID
Ntfs_Open_Dir
Ntfs_RWfile_Set
Ntfs_Read_ForMat_Data
Ntfs_Release_Attribute_Context
Search_Ntfs_InFo
Shwo_Ntfs_Dir
_Get_ExternUse
_Set_ExternUse
__Ntfs_list
check_ntfs_format_save_data
get_ntfs_format_info_from_save
read_scan_result_ntfs
save_scan_result_ntfs
set_info
set_ntfs_foramt_info_to_save
set_ntfs_operate

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14fdc35f0afa2fdd155ceab3a6ff934b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1Signer

Headers

File Characteristics

Imports

initialize

saveoperate

kernel32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1
Signer

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 6KB