7fb83d4414d4e69b8647844c5971d8e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fb83d4414d4e69b8647844c5971d8e5_JaffaCakes118
Size

16.8MB
MD5

7fb83d4414d4e69b8647844c5971d8e5
SHA1

4756ab957a2bbbcd1b8483e507ca2fe694ccddbe
SHA256

aa6ee5e2e8a636738d74adf6ba6225cb2e18948c4833b606c2bcf7d5a6c41277
SHA512

35a761efa4f66b77b1a1810dc400cb7ae4e05c0dfc0f641d4c1d2604e94c168d57f88fa2d90318784f642bcc2c51fb0b8ac1562d7b122bb52337c19a906deb04
SSDEEP

393216:XNbpsIFKClEsW3LTVvtMI4akRE0qHxv2h:JSUfC3LhvtEat0MvC

Score

1^/10

Malware Config

Signatures

Files

7fb83d4414d4e69b8647844c5971d8e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ac5d4eafb5446e1cb01d61d5be956667

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:d4:78:5d:09:b3:8e:e8:d2:52:eb:c0:2f:b1:1e:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2014, 00:00

Not After

05/02/2018, 23:59

Subject

CN=Dell Inc.,OU=Product Group Release Engineering,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:84:0c:62:dd:dd:0a:c1:ee:5f:39:a0:18:92:db:53:4b:87:30:03
Signer

Actual PE Digest

33:84:0c:62:dd:dd:0a:c1:ee:5f:39:a0:18:92:db:53:4b:87:30:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
FindFirstVolumeW
LoadLibraryW
SetDllDirectoryW
CreateProcessW
GetStartupInfoW
FindNextFileW
CopyFileW
SetFileAttributesW
FindClose
FindFirstFileW
CreateProcessA
GetStartupInfoA
Sleep
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
FormatMessageW
WideCharToMultiByte
GetCurrentProcess
GetFileSizeEx
CreateFileW
GetTempPathW
RemoveDirectoryW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetExitCodeProcess
GetFileSize
CreateMutexW
OpenMutexW
VerifyVersionInfoW
VerSetConditionMask
GetVersionExA
GetVersionExW
SetEnvironmentVariableA
GetProcAddress
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapSize
GetFileType
SetHandleCount
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetStdHandle
WriteFile
ExitProcess
GetFullPathNameW
InterlockedDecrement
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsFree
HeapCreate
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
ResumeThread
ExitThread
FindFirstFileExW
GetDriveTypeW
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
FindFirstVolumeA
FindNextVolumeA
FindVolumeClose
LocalAlloc
LocalFree
CreateThread
GetVolumeInformationA
SetEvent
CreateFileA
GetLastError
GetModuleHandleW
CloseHandle
WaitForSingleObject
TerminateThread
HeapReAlloc
HeapSetInformation
GetCommandLineA
CreateEventW
CompareStringW
DeleteFileW
GetSystemTimeAsFileTime
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
HeapAlloc
RtlUnwind
HeapFree
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
lstrlenA
GetACP
GetSystemDirectoryA
LoadLibraryA
TlsGetValue
GetCurrentThread
DuplicateHandle
TlsSetValue
TlsAlloc
GetCurrentThreadId
InterlockedCompareExchange
InitializeCriticalSection
ReleaseMutex
CreateMutexA
GetModuleHandleA
GetModuleFileNameA

user32

CharNextW
MessageBoxW
SetFocus
GetDC
ReleaseDC
GetWindowLongW
RegisterClassExA
DefWindowProcW
DestroyWindow
PostQuitMessage
RegisterDeviceNotificationW
CreateWindowExA
SetWindowTextW
RedrawWindow
SetClassLongW
LoadImageW
EndDialog
SetDlgItemTextW
DestroyIcon
SendMessageW
EndPaint
BeginPaint
UnregisterClassA
GetDlgItem
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
UpdateWindow
UnregisterDeviceNotification
wsprintfW
ExitWindowsEx
DialogBoxParamW

gdi32

GetDeviceCaps

shell32

SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit
OleLoadPicture
VarUI4FromStr

advapi32

RegEnumKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

rpcrt4

UuidCreate
UuidToStringW

crypt32

CryptQueryObject

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

ws2_32

bind
getsockname
listen
WSAStartup
socket
ioctlsocket
connect
__WSAFDIsSet
getsockopt
recv
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
closesocket
select
send

Sections

.text
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 953KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac5d4eafb5446e1cb01d61d5be956667

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:d4:78:5d:09:b3:8e:e8:d2:52:eb:c0:2f:b1:1e:c1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:84:0c:62:dd:dd:0a:c1:ee:5f:39:a0:18:92:db:53:4b:87:30:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

rpcrt4

crypt32

setupapi

ws2_32

Sections

.text Size: 638KB - Virtual size: 637KB

.rdata Size: 953KB - Virtual size: 952KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 63KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:d4:78:5d:09:b3:8e:e8:d2:52:eb:c0:2f:b1:1e:c1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:84:0c:62:dd:dd:0a:c1:ee:5f:39:a0:18:92:db:53:4b:87:30:03
Signer

.text
Size: 638KB - Virtual size: 637KB

.rdata
Size: 953KB - Virtual size: 952KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 63KB - Virtual size: 62KB