6cbf9bb7cb88546787977b4b593e36d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6cbf9bb7cb88546787977b4b593e36d7_JaffaCakes118
Size

249KB
MD5

6cbf9bb7cb88546787977b4b593e36d7
SHA1

978761c3e577ba5719a5daf765171910bcc5312b
SHA256

10b8112dfa2aba3ff08dc2e7fa963fa2c68ddcba41b1e9ec747f91c491b1ff70
SHA512

0af06588c7f92218838f66bc8c807247405da4985362e80a347ea5625120c124ffee53de4620ba92fcd8ad4d8af7054f7b688c17a4600eff1659434b11b237dc
SSDEEP

3072:4Inn38LSooooooA9E41GQyVdzgDMjVyJXIOpyvh/VZGvwPj/mO3wS+i5UCGIg8oX:4438LO41EXv4h/oxJGi9e

Score

1^/10

Malware Config

Signatures

Files

6cbf9bb7cb88546787977b4b593e36d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Dajjigce Iylamb,O=Wom Rivhuukike Bejt,L=Levqoyeroit,ST=Iwabtacwidse,C=US

Not Before

19/06/2015, 00:20

Not After

18/06/2016, 00:20

Subject

CN=Noci Uxawu,O=Wom Rivhuukike Bejt,L=Levqoyeroit,ST=Iwabtacwidse,C=US

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:09:5e:fe:b6:9d:97:cc:b4:74:c1:13:d6:be:14:fb:47:8d:bd:60
Signer

Actual PE Digest

d3:09:5e:fe:b6:9d:97:cc:b4:74:c1:13:d6:be:14:fb:47:8d:bd:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
HeapDestroy
HeapSize
HeapReAlloc
WideCharToMultiByte
FindResourceExW
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CreateEventW
CreateThread
SetEvent
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
DeviceIoControl
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
DecodePointer
UnhandledExceptionFilter
lstrlenA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetFileType
GetOEMCP
GetACP
GetFileSize
FlushFileBuffers
WriteFile
CreateFileW
LockResource
GetCPInfo
LoadResource
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
Sleep
WaitForSingleObject
CloseHandle
TerminateProcess
GetLastError
GetLongPathNameW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
TlsAlloc
IsValidCodePage
GetStdHandle
LCMapStringW
GetStartupInfoW
TlsFree
RtlUnwind
GetCommandLineW
ExitThread
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TlsGetValue
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
TlsSetValue

user32

RegisterClassExW
CreateWindowExW
LoadCursorW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
UpdateWindow
LoadIconW

advapi32

CryptReleaseContext
CryptCreateHash
RegDeleteKeyW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
OleRun

oleaut32

LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d3:09:5e:fe:b6:9d:97:cc:b4:74:c1:13:d6:be:14:fb:47:8d:bd:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 856B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d3:09:5e:fe:b6:9d:97:cc:b4:74:c1:13:d6:be:14:fb:47:8d:bd:60
Signer

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 856B