6bfeaedbc31955d8a0f5ae475d990e62_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6bfeaedbc31955d8a0f5ae475d990e62_JaffaCakes118
Size

314KB
MD5

6bfeaedbc31955d8a0f5ae475d990e62
SHA1

1fe2d0aeb5fd55c8c24cb93b05522112b7fbae6d
SHA256

d5d16e4b2b443fe5479f8c221862c8e541050dcf641e99628ff93ba0a3da32c5
SHA512

eb2cc5311809452646f83cabd5069ee8dab6596a78531758263182bad27423e886445f585ea80d9a0a7ddabd01eee26743e92f08743b07e0cd055553945ff0ea
SSDEEP

6144:IAobptP+39TRuPhfhTapLixcDi39TRuPhfhTapLixcD1Y:IjbpU1RuPhJTQmxcG1RuPhJTQmxcRY

Score

1^/10

Malware Config

Signatures

Files

6bfeaedbc31955d8a0f5ae475d990e62_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f2ed437c4fbae25bc8953d18686676f8

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:a1:5e:e8:d4:a4:6d:14:be:7a:55:f9
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2017, 10:10

Not After

30/03/2020, 08:04

Subject

SERIALNUMBER=HE 312702,CN=Gaijin Network LTD,O=Gaijin Network LTD,STREET=Kyriakos Matsis\, 10\, LILIANA BUILDING\, Floor 2\, Flat 203,L=Nicosia,ST=Nicosia district,C=CY,1.2.840.113549.1.9.1=#0c1161646d696e73406761696a696e2e6e6574,1.3.6.1.4.1.311.60.2.1.3=#13024359,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:6f:11:35:2a:a8:3e:11:b8:76:01:cf:39:64:75:b6:6c:42:44:b9:15:f5:9f:dd:0d:32:b8:4e:81:eb:e0:66
Signer

Actual PE Digest

53:6f:11:35:2a:a8:3e:11:b8:76:01:cf:39:64:75:b6:6c:42:44:b9:15:f5:9f:dd:0d:32:b8:4e:81:eb:e0:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetNativeSystemInfo
CreateProcessA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
EncodePointer
DecodePointer
CreateFileW

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2ed437c4fbae25bc8953d18686676f8

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

55:a1:5e:e8:d4:a4:6d:14:be:7a:55:f9Certificate

Extended Key Usages

Key Usages

53:6f:11:35:2a:a8:3e:11:b8:76:01:cf:39:64:75:b6:6c:42:44:b9:15:f5:9f:dd:0d:32:b8:4e:81:eb:e0:66Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 284B

.rsrc Size: 221KB - Virtual size: 221KB

.reloc Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

55:a1:5e:e8:d4:a4:6d:14:be:7a:55:f9
Certificate

53:6f:11:35:2a:a8:3e:11:b8:76:01:cf:39:64:75:b6:6c:42:44:b9:15:f5:9f:dd:0d:32:b8:4e:81:eb:e0:66
Signer

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 284B

.rsrc
Size: 221KB - Virtual size: 221KB

.reloc
Size: 4KB - Virtual size: 3KB