85089df54229a3cb24a15cd828802bfb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

85089df54229a3cb24a15cd828802bfb_JaffaCakes118
Size

1.3MB
MD5

85089df54229a3cb24a15cd828802bfb
SHA1

85cdcd6c39f078acec521adaaf93c82f9153d65d
SHA256

466454f69ca0c2578c316414f9dee87c1d7d36a806966f6d0c850c825a3dfaab
SHA512

53952cf6c3f60a7122ec48daedca9415039c55e2a589068d8da10c719ca1e1cbcb204f00c48fdd228b35a5df9124efa13337012b0e3f2bf8a14e2513c3481a6d
SSDEEP

24576:qHrtWSadjpbdyAb80L9XKWQ0+iZkONbR4aaLCIrULnt:rjGAYAN4aIrULt

Score

1^/10

Malware Config

Signatures

Files

85089df54229a3cb24a15cd828802bfb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bd15a10f0bcece6ba416eed90e7ebac

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17-04-2018 08:20

Not After

18-05-2027 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

07-03-2019 07:37

Not After

06-03-2020 07:37

Subject

CN=上海游创网络科技有限公司,O=上海游创网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c11796f75636875616e67403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:3b:c7:91:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 20:15

Not After

15-04-2021 20:25

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17-04-2018 08:20

Not After

18-05-2027 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

07-03-2019 07:37

Not After

06-03-2020 07:37

Subject

CN=上海游创网络科技有限公司,O=上海游创网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c11796f75636875616e67403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:3b:c7:91:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 20:15

Not After

15-04-2021 20:25

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:82:61:84:56:78:54:33:e0:e9:09:d2:13:81:2e:db:44:ec:a2:f0:60:0a:71:e6:c0:9d:64:1d:28:47:02:9c
Signer

Actual PE Digest

24:82:61:84:56:78:54:33:e0:e9:09:d2:13:81:2e:db:44:ec:a2:f0:60:0a:71:e6:c0:9d:64:1d:28:47:02:9c

Digest Algorithm

sha256

PE Digest Matches

true

2e:d4:92:ad:53:3b:49:1b:d1:a0:ab:22:84:fd:1b:74:c3:1d:30:8f
Signer

Actual PE Digest

2e:d4:92:ad:53:3b:49:1b:d1:a0:ab:22:84:fd:1b:74:c3:1d:30:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

wininet

InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetConnectW
HttpQueryInfoW
InternetOpenUrlW

psapi

GetModuleFileNameExW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

kernel32

GetVersionExW
InterlockedDecrement
GetSystemInfo
GetTickCount
SetLastError
lstrlenW
Sleep
MoveFileExW
GetTempFileNameW
GetLongPathNameW
CreateFileW
MoveFileW
GetTempPathW
DeviceIoControl
GetFullPathNameW
SetFileTime
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
LocalFree
GetModuleFileNameW
ResumeThread
GetCurrentThreadId
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceW
WaitForMultipleObjects
ExitThread
QueryPerformanceCounter
SetPriorityClass
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
MulDiv
InterlockedIncrement
OutputDebugStringW
GetModuleHandleA
LocalAlloc
CreateProcessA
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpA
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
LoadResource
GetModuleHandleW
TerminateProcess
FreeLibrary
FreeResource
FindResourceW
GetCurrentProcess
LockResource
SizeofResource
ExpandEnvironmentStringsW
OpenProcess
LoadLibraryExW
GetProcAddress
DeleteFileW
CreateDirectoryW
GetFileAttributesW
GetDriveTypeW
SetFileAttributesW
CreateEventW
ResetEvent
SetEvent
GetWindowsDirectoryW
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
WaitForSingleObject
ReadFile
CreateFileA
WriteFile
SetFilePointer
CloseHandle
GetSystemDirectoryW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLastError
GetPrivateProfileStringW
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
GetProcessHeap
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
SetEndOfFile

user32

GetSysColor
MoveWindow
RedrawWindow
ClientToScreen
FillRect
DestroyMenu
CreatePopupMenu
OffsetRect
ShowCaret
SetCapture
CreateCaret
HideCaret
ReleaseDC
ScreenToClient
EnableMenuItem
BeginPaint
InvalidateRect
EndPaint
DestroyWindow
ReleaseCapture
GetCursorPos
GetFocus
GetCaretPos
SetCaretPos
GetUpdateRect
TrackPopupMenu
GetDC
AppendMenuW
SetWindowRgn
IntersectRect
PtInRect
IsRectEmpty
CharNextW
SetCursor
DrawFocusRect
ChildWindowFromPointEx
GetAsyncKeyState
DrawTextW
DrawIconEx
CharPrevW
CopyImage
InvalidateRgn
DestroyAcceleratorTable
CreateAcceleratorTableW
SetWindowLongW
GetMonitorInfoW
GetWindowLongW
MonitorFromWindow
SetTimer
PostQuitMessage
SetWindowPos
KillTimer
GetActiveWindow
LoadStringW
TranslateAcceleratorW
GetKeyState
RegisterClassW
GetClassInfoExW
GetPropW
GetMessageW
LoadCursorW
SendMessageW
CallWindowProcW
SetPropW
EnableWindow
DefWindowProcW
IsWindowEnabled
LoadImageW
UpdateLayeredWindow
IsWindow
DestroyIcon
PostMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetFocus
RegisterClassExW
CharNextA
LoadBitmapW
IsZoomed
GetClientRect
IsWindowVisible
GetWindowTextLengthW
GetWindowTextW
MapWindowPoints
SystemParametersInfoW
GetWindowRect
SetForegroundWindow
GetWindow
SetWindowTextW
IsIconic
IsChild
GetSystemMetrics
ShowWindow
GetParent

gdi32

GetClipRgn
MoveToEx
EnumFontsW
CreateEllipticRgn
SelectClipRgn
GetTextExtentPoint32W
GetBitmapBits
GetClipBox
SetBitmapBits
SetBkColor
CreateCompatibleBitmap
GetCharABCWidthsW
RoundRect
ExtSelectClipRgn
SetStretchBltMode
ExtTextOutW
TextOutW
SetBkMode
StretchBlt
GetDeviceCaps
CombineRgn
CreateCompatibleDC
LineTo
DeleteObject
CreateDIBSection
GetObjectW
SelectObject
SetTextColor
CreateFontIndirectW
DeleteDC
CreatePen
BitBlt
GetTextMetricsW
Rectangle
CreateRectRgn
GetStockObject
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush

advapi32

CheckTokenMembership
RegEnumKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
FreeSid
RegQueryInfoKeyW
AllocateAndInitializeSid

shell32

SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
DoDragDrop
OleLockRunning
OleDuplicateData
ReleaseStgMedium
CoUninitialize

oleaut32

VariantClear
SysFreeString
SafeArrayDestroy
SafeArrayPutElement
OleLoadPicture
SysAllocString
SafeArrayCreate

shlwapi

StrRetToStrW

cabinet

ord22
ord23
ord20

Sections

.text
Size: 1012KB - Virtual size: 1011KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bd15a10f0bcece6ba416eed90e7ebac

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22Certificate

Extended Key Usages

Key Usages

61:3b:c7:91:00:00:00:00:00:34Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:3b:c7:91:00:00:00:00:00:34Certificate

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

24:82:61:84:56:78:54:33:e0:e9:09:d2:13:81:2e:db:44:ec:a2:f0:60:0a:71:e6:c0:9d:64:1d:28:47:02:9cSigner

2e:d4:92:ad:53:3b:49:1b:d1:a0:ab:22:84:fd:1b:74:c3:1d:30:8fSigner

Headers

File Characteristics

Imports

msimg32

comctl32

wininet

psapi

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

cabinet

Sections

.text Size: 1012KB - Virtual size: 1011KB

.rdata Size: 212KB - Virtual size: 209KB

.data Size: 20KB - Virtual size: 31KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 52KB - Virtual size: 49KB

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22
Certificate

61:3b:c7:91:00:00:00:00:00:34
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

16:26:fd:54:d8:db:f1:b0:02:da:26:83:a0:58:56:22
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:3b:c7:91:00:00:00:00:00:34
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

24:82:61:84:56:78:54:33:e0:e9:09:d2:13:81:2e:db:44:ec:a2:f0:60:0a:71:e6:c0:9d:64:1d:28:47:02:9c
Signer

2e:d4:92:ad:53:3b:49:1b:d1:a0:ab:22:84:fd:1b:74:c3:1d:30:8f
Signer

.text
Size: 1012KB - Virtual size: 1011KB

.rdata
Size: 212KB - Virtual size: 209KB

.data
Size: 20KB - Virtual size: 31KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 52KB - Virtual size: 49KB