785bb5868da2316f7de9605f6972e7a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

785bb5868da2316f7de9605f6972e7a8_JaffaCakes118
Size

13.5MB
MD5

785bb5868da2316f7de9605f6972e7a8
SHA1

6e54271fcded706e881f3f19b5262f3a35e27345
SHA256

863b1c52f24f0dd944dcf72c40b2d08103b5c8fc01fbb7a3121b0b242a785b8a
SHA512

211b7d20df1266e6e6c330683949a1d2883cc745fbb7ba98e14585455b402914932256ec3514bab615b4fc870f9f758d4352d13a195f576d82ca3fa7edcd469c
SSDEEP

196608:hXuvL4t7gLwnAqTPimmkLZP/Em7uylSc1x1snHuD1Aa5M9Gt/zI+JUN+HNNXc:hQ45gnqGmhZP/X7uuBLD1j5Gu0SUNunc

Score

1^/10

Malware Config

Signatures

Files

785bb5868da2316f7de9605f6972e7a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

68774b76c71358613da7a94d3f38b1c5

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:55:97:77:4a:95:5f:38:ab:aa:9e:39:fb:18:f6:7c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/07/2019, 00:00

Not After

22/07/2022, 12:00

Subject

CN=Beijing Rising Network Security Technology Co.\, Ltd.,O=Beijing Rising Network Security Technology Co.\, Ltd.,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2e:01:aa:9d:c5:06:97:bf:a9:92:7c:21:84:b4:59
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/07/2019, 00:00

Not After

22/07/2022, 12:00

Subject

CN=Beijing Rising Network Security Technology Co.\, Ltd.,O=Beijing Rising Network Security Technology Co.\, Ltd.,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:16:28:1b:47:34:30:fd:85:3f:cf:00:3d:fc:4c:60:86:3c:ec:91:e8:4a:0f:6c:20:e6:c5:4f:eb:34:00:b7
Signer

Actual PE Digest

d2:16:28:1b:47:34:30:fd:85:3f:cf:00:3d:fc:4c:60:86:3c:ec:91:e8:4a:0f:6c:20:e6:c5:4f:eb:34:00:b7

Digest Algorithm

sha256

PE Digest Matches

true

fa:22:0d:3d:c8:5a:2e:c8:3b:86:ae:30:cf:04:66:2b:09:f9:47:fa
Signer

Actual PE Digest

fa:22:0d:3d:c8:5a:2e:c8:3b:86:ae:30:cf:04:66:2b:09:f9:47:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\7zSfx.pdb

Imports

user32

CharUpperW
CharUpperA
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
EnableWindow
ShowWindow
SendMessageA
LoadStringA
GetDlgItem
MessageBoxA
PostMessageA
CharNextA

oleaut32

SysFreeString
VariantClear
SysAllocString

kernel32

GetSystemTimeAsFileTime
VirtualProtect
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetFileAttributesA
CloseHandle
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetLastError
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcatA
lstrlenA
GetStartupInfoA
InterlockedExchange
DeleteFileA
lstrcpyA
GetACP
GetLocaleInfoA
GetVersionExA
CreateDirectoryA
lstrcpynA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
Sleep
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetTickCount
ReleaseMutex
CreateThread
GetCommandLineA
CreateMutexA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
CreateDirectoryW
DeleteFileW
GetCurrentProcessId
GetCurrentThreadId
FindFirstFileW
SetEndOfFile
GetSystemInfo
RtlUnwind
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
VirtualQuery

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68774b76c71358613da7a94d3f38b1c5

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0d:55:97:77:4a:95:5f:38:ab:aa:9e:39:fb:18:f6:7cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

05:2e:01:aa:9d:c5:06:97:bf:a9:92:7c:21:84:b4:59Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d2:16:28:1b:47:34:30:fd:85:3f:cf:00:3d:fc:4c:60:86:3c:ec:91:e8:4a:0f:6c:20:e6:c5:4f:eb:34:00:b7Signer

fa:22:0d:3d:c8:5a:2e:c8:3b:86:ae:30:cf:04:66:2b:09:f9:47:faSigner

Headers

File Characteristics

PDB Paths

Imports

user32

oleaut32

kernel32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 1.0MB

.rsrc Size: 32KB - Virtual size: 29KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0d:55:97:77:4a:95:5f:38:ab:aa:9e:39:fb:18:f6:7c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

05:2e:01:aa:9d:c5:06:97:bf:a9:92:7c:21:84:b4:59
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d2:16:28:1b:47:34:30:fd:85:3f:cf:00:3d:fc:4c:60:86:3c:ec:91:e8:4a:0f:6c:20:e6:c5:4f:eb:34:00:b7
Signer

fa:22:0d:3d:c8:5a:2e:c8:3b:86:ae:30:cf:04:66:2b:09:f9:47:fa
Signer

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 1.0MB

.rsrc
Size: 32KB - Virtual size: 29KB