778a53e2e04b04edc1aa1d96373a1a32_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

778a53e2e04b04edc1aa1d96373a1a32_JaffaCakes118
Size

224KB
MD5

778a53e2e04b04edc1aa1d96373a1a32
SHA1

6a79a1e37faf02bea93e672f592155b0f5ced3ec
SHA256

23d6d72c9d7b00685d9fff2f2d7c3e9e66e8394dcb7787cbf3b4eadde2d5d0ba
SHA512

3365ea3217e01e1e90250b043028f4a8efa425b7c3caa22719bdcd21a6077000e9d97440e0a64b8ba824d70e4a9454cf08856c842245193cd277cce3f97fed16
SSDEEP

3072:M7ez4vV52V5cF4UY4Zm8G1PN4TWD6p37ZXzGQJdLL/647mO+494jjDg7hA1:sA42MRYN47RJDJruO194jj87O

Score

1^/10

Malware Config

Signatures

Files

778a53e2e04b04edc1aa1d96373a1a32_JaffaCakes118
.exe windows:5 windows x86 arch:x86

183f117703bb9cae49af90b93d0525da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Syctoska Tetpos,O=Pacageh Cihshweyebdo Reod,L=Qibelubr,ST=Meplondotru,C=RU

Not Before

14-07-2015 00:05

Not After

13-07-2016 00:05

Subject

CN=Peojre Naifk,O=Pacageh Cihshweyebdo Reod,L=Qibelubr,ST=Meplondotru,C=RU

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:79:bf:7e:9f:dc:89:46:2e:ad:5d:8f:4f:00:d2:96:f4:4c:4c:6d
Signer

Actual PE Digest

a0:79:bf:7e:9f:dc:89:46:2e:ad:5d:8f:4f:00:d2:96:f4:4c:4c:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSCEnumProtocols
WSAStartup
WSCInstallProvider
WSCDeinstallProvider
WSACloseEvent
connect
inet_ntoa
WSCGetProviderPath
inet_addr
WSAEnumNetworkEvents
htons
WSAEventSelect
WSACleanup
socket
WSACreateEvent
closesocket
gethostbyname
WSAWaitForMultipleEvents

rpcrt4

UuidCreate

kernel32

SetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryA
GetCurrentProcessId
GetSystemTime
ExpandEnvironmentStringsW
HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SizeofResource
MultiByteToWideChar
RaiseException
HeapSize
LockResource
DecodePointer
GetModuleHandleA
DeleteCriticalSection
Process32First
Process32Next
CreateToolhelp32Snapshot
CloseHandle
CreateFileA
GetCurrentProcess
GetLastError
Sleep
CopyFileA
IsWow64Process
DeviceIoControl
DeleteFileA
GetModuleFileNameW
FreeLibrary
MoveFileExW
InterlockedDecrement
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
MoveFileW
GetLocalTime
GetModuleFileNameA
GetCurrentDirectoryA
MoveFileExA
MoveFileA
GetTempPathW
GetVersionExA
lstrlenA
FindFirstFileA
HeapCreate
LeaveCriticalSection
HeapDestroy
LoadLibraryW
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSection
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
LCMapStringW
LoadLibraryExW
SetStdHandle
FlushFileBuffers
CreateFileW
WriteConsoleW
OutputDebugStringW
SetEndOfFile
LocalFree
ReadConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetTickCount
GetStringTypeW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
GetEnvironmentStringsW

advapi32

AdjustTokenPrivileges
RegSaveKeyA
LookupPrivilegeValueA
RegRestoreKeyA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

ole32

StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

183f117703bb9cae49af90b93d0525da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

a0:79:bf:7e:9f:dc:89:46:2e:ad:5d:8f:4f:00:d2:96:f4:4c:4c:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 16KB

.rsrc Size: 9KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

a0:79:bf:7e:9f:dc:89:46:2e:ad:5d:8f:4f:00:d2:96:f4:4c:4c:6d
Signer

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 9KB - Virtual size: 9KB