65b8821bec26f4abf1432db31fa8275c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65b8821bec26f4abf1432db31fa8275c_JaffaCakes118
Size

2.2MB
MD5

65b8821bec26f4abf1432db31fa8275c
SHA1

f8078d74f99215df8c3af09c809e0902145edb29
SHA256

31fc67e691f97496404ee6db955aecf0ed15a620270637433b7ec182f441e508
SHA512

aeff427113d366c38cb9c9e0633f2ab8fd7a1576c0fddb64aeb40d1b0aef82e619542600b78a9508f962c12653ca770ec1736466e7cc025792f9e4f58a726727
SSDEEP

49152:2rIDRWlhI7kmA9CVPuPzXrUgW9JLUgF+p:2ORWDI7kXCVPtTs

Score

1^/10

Malware Config

Signatures

Files

65b8821bec26f4abf1432db31fa8275c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da9c2a01ac331f02a0e5fa81e6a74535

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-08-2018 09:38

Not After

27-08-2021 09:38

Subject

CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:12:d6:ab:15:69:e2:e1:62:34:31:30:a5:b1:6f:d2:6b:c0:a7:59
Signer

Actual PE Digest

8d:12:d6:ab:15:69:e2:e1:62:34:31:30:a5:b1:6f:d2:6b:c0:a7:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
SetLastError
SetFileTime
GetModuleHandleW
GetTempPathA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
RemoveDirectoryA
RemoveDirectoryW
CreateFileW
SetFileAttributesA
SetFileAttributesW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
FindClose
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileSize
WriteFile
ReadFile
DeviceIoControl
SetEndOfFile
SetFilePointer
CreateFileA
GetFileInformationByHandle
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CompareFileTime
FileTimeToSystemTime
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
WaitForMultipleObjects
GetStdHandle
QueryPerformanceCounter
GetCurrentProcess
AreFileApisANSI
UnmapViewOfFile
OpenEventA
OpenFileMappingA
GetProcessTimes
SetConsoleCtrlHandler
SetFileApisToOEM
GetConsoleScreenBufferInfo
GetConsoleMode
SetConsoleMode
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
OpenProcess
GetDiskFreeSpaceExA
GetSystemDefaultLangID
GetPrivateProfileIntW
OutputDebugStringA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
LCMapStringW
CompareStringW
SetFilePointerEx
ReadConsoleW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
FlushFileBuffers
GetFileType
GetStringTypeW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetProcessHeap
GetModuleHandleExW
ExitProcess
HeapReAlloc
RaiseException
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
HeapFree
ExitThread
CreateThread
DecodePointer
EncodePointer
HeapAlloc
MulDiv
CreateSemaphoreA
CreateEventA
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetModuleHandleA
VirtualFree
VirtualAlloc
LoadLibraryW
GetCommandLineW
CopyFileW
MapViewOfFile
OutputDebugStringW
GetLastError
WideCharToMultiByte
CloseHandle
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetTickCount
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
CreateDirectoryW
GetTempPathW
SetProcessAffinityMask
GetModuleFileNameW

user32

GetDC
DialogBoxParamW
LoadStringW
LoadBitmapW
DrawTextA
InvalidateRect
DrawTextW
ReleaseCapture
ClientToScreen
SetCapture
GetSystemMetrics
GetWindowThreadProcessId
wsprintfW
CharPrevExA
CharUpperW
CharUpperA
GetWindowRgn
DestroyWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
RegisterClassExW
LoadCursorW
DefWindowProcW
GetWindowTextW
PostMessageW
FindWindowW
MessageBoxW
EndDialog
ExitWindowsEx
OffsetRect
CreateWindowExW
SendMessageA
LoadIconW
SetWindowTextA
MoveWindow
ShowWindow
EnableWindow
GetWindowRect
SetWindowTextW
SendMessageW
FillRect
GetClientRect
ReleaseDC

gdi32

CreateRectRgn
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
DeleteDC
BitBlt
SetTextColor
SetBkMode
SelectObject
CreateCompatibleDC
SetBitmapBits
CreateCompatibleBitmap
GetBitmapBits
GetObjectW
DeleteObject
PtInRegion

advapi32

RegCreateKeyExA
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetFileSecurityW
LookupPrivilegeValueA
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid

shell32

ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysAllocString
SysStringLen

shlwapi

StrCpyNW
StrChrW
PathAppendW
StrCpyW
PathRemoveFileSpecW
PathFileExistsW
PathFileExistsA
PathAppendA
StrCatW
StrRChrW
StrCmpW

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da9c2a01ac331f02a0e5fa81e6a74535

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

26:df:09:9e:8d:36:54:43:eb:18:42:b5Certificate

Extended Key Usages

Key Usages

8d:12:d6:ab:15:69:e2:e1:62:34:31:30:a5:b1:6f:d2:6b:c0:a7:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

Sections

.text Size: 688KB - Virtual size: 687KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 23KB - Virtual size: 62KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 37KB - Virtual size: 36KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

8d:12:d6:ab:15:69:e2:e1:62:34:31:30:a5:b1:6f:d2:6b:c0:a7:59
Signer

.text
Size: 688KB - Virtual size: 687KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 23KB - Virtual size: 62KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 37KB - Virtual size: 36KB