8794c2c09ed9db8ed70bcc6af6041b5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8794c2c09ed9db8ed70bcc6af6041b5d_JaffaCakes118
Size

3.5MB
MD5

8794c2c09ed9db8ed70bcc6af6041b5d
SHA1

851858b9cec6f72c21a19c95e89889b6d8cf419d
SHA256

b24753db1cf7014a1619309de8a57c3ed6334989078bbbb0020ab3da6aa63f22
SHA512

3bc98cdc9017fd6e314c038f7afe73372ac9d72f3d268143ffe8d07eaa15feaf3a3c7f75d9c78c6604e871e486bd3889677a52ce83d3ac64c7ce4885ad87a703
SSDEEP

98304:O3aHFzps3V99yIDmuj/FBB4tGWi0rwF7ee2ugQaEmI:BYYrwTsQII

Score

1^/10

Malware Config

Signatures

Files

8794c2c09ed9db8ed70bcc6af6041b5d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1915831e04910f971959462e3f3efa57

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/12/2017, 00:00

Not After

10/12/2020, 23:59

Subject

CN=SweetLabs Inc.,O=SweetLabs Inc.,POSTALCODE=92101,STREET=510 Market St #301,L=San Diego,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/12/2017, 00:00

Not After

10/12/2020, 23:59

Subject

CN=SweetLabs Inc.,O=SweetLabs Inc.,POSTALCODE=92101,STREET=510 Market St #301,L=San Diego,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fc:db:59:c4:5c:cf:48:33:a6:7d:eb:f1:8e:91:fe:d3:12:9b:36:f6:b2:49:e0:a5:d4:0d:db:93:86:e4:51:2d
Signer

Actual PE Digest

fc:db:59:c4:5c:cf:48:33:a6:7d:eb:f1:8e:91:fe:d3:12:9b:36:f6:b2:49:e0:a5:d4:0d:db:93:86:e4:51:2d

Digest Algorithm

sha256

PE Digest Matches

true

ed:86:c4:8b:e1:da:c2:95:56:9d:a9:ed:a2:ac:6c:a9:2d:7a:1b:84
Signer

Actual PE Digest

ed:86:c4:8b:e1:da:c2:95:56:9d:a9:ed:a2:ac:6c:a9:2d:7a:1b:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushViewOfFile
OutputDebugStringA
UnmapViewOfFile
UnlockFileEx
UnlockFile
MapViewOfFile
LockFileEx
LockFile
HeapCompact
HeapValidate
GetVersionExA
GetTempPathA
GetFullPathNameW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
SetDllDirectoryW
SetDefaultDllDirectories
SetUnhandledExceptionFilter
ResetEvent
CreateDirectoryW
CreateFileW
GetCurrentThreadId
GetCurrentProcess
SetLastError
Sleep
TerminateProcess
LocalFree
LoadLibraryW
CreateEventW
WaitForSingleObject
FreeLibrary
SetEvent
CreateWaitableTimerW
SetWaitableTimer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
SleepEx
GetTickCount
QueryPerformanceCounter
ExpandEnvironmentStringsA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
FlushConsoleInputBuffer
GetVersion
WriteFile
GlobalMemoryStatus
SystemTimeToFileTime
GetSystemTime
LocalAlloc
InterlockedExchange
RaiseException
CreateEventA
CancelWaitableTimer
GetTickCount64
CreateSemaphoreA
HeapFree
GetProcessHeap
WaitForSingleObjectEx
GetSystemTimeAsFileTime
HeapAlloc
DuplicateHandle
TerminateThread
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
FileTimeToSystemTime
GetCurrentThread
GetModuleFileNameW
OutputDebugStringW
DeleteFileW
OpenEventW
OpenProcess
GetExitCodeProcess
GetUserGeoID
GetFileAttributesExW
GetTempFileNameW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetFileInformationByHandle
VerifyVersionInfoW
GetVersionExW
IsWow64Process
GetUserDefaultUILanguage
GetLocaleInfoW
GetFileSizeEx
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
lstrlenW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
VirtualQuery
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetThreadLocale
TlsSetValue
TlsAlloc
TryEnterCriticalSection
GetExitCodeThread
CreateThread
CreateMutexA
ReleaseMutex
QueryFullProcessImageNameW
CompareStringW
GlobalFree
SetFilePointer
GetFileSize
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedCompareExchange
EncodePointer
DecodePointer
RtlUnwind
ExitProcess
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread
GetFileAttributesA
CreateFileA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringW
GetCPInfo
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetFullPathNameA
GetCurrentDirectoryW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GetSystemInfo
ReleaseSemaphore
OpenEventA
ResumeThread
InterlockedExchangeAdd
WaitForMultipleObjectsEx
CreateWaitableTimerA
GetStringTypeExW
CloseHandle
GetLastError
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
CreateHardLinkW
GetProcAddress

wldap32

ord143
ord217
ord211
ord22
ord79
ord50
ord301
ord27
ord41
ord46
ord60
ord45
ord32
ord26
ord30
ord200
ord33
ord35

normaliz

IdnToAscii

dbghelp

MiniDumpWriteDump

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

secur32

GetUserNameExW

gdi32

DeleteDC

advapi32

CryptSignHashA
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptDestroyKey
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CryptEnumProvidersA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey
RegOpenKeyExW
CryptCreateHash
CryptDecrypt
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
OpenProcessToken
OpenThreadToken
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegDeleteValueW
ConvertSidToStringSidW
LookupAccountNameW
CryptSetHashParam

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW
SHGetMalloc
SHGetFolderPathW
CommandLineToArgvW
SHGetDesktopFolder
SHEvaluateSystemCommandTemplate
ShellExecuteExW

ole32

CoUninitialize
CoTaskMemFree
StringFromGUID2
CoInitializeEx
PropVariantClear
CoCreateGuid
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocString
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

msi

ord217
ord173

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

DeleteUrlCacheEntryW
InternetQueryOptionW

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext

userenv

ExpandEnvironmentStringsForUserW

shlwapi

StrRetToBufW
ord487
ord176
SHRegDuplicateHKey
PathGetArgsW
AssocQueryStringW
PathFileExistsW

gdiplus

GdiplusShutdown

ws2_32

freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
__WSAFDIsSet
WSAGetLastError
select
socket
WSACleanup
WSAStartup
recv
send
WSAIoctl
setsockopt
shutdown
getservbyname
gethostbyname
WSASetLastError
getsockname
ntohs
bind
htons
getsockopt
connect
closesocket
getpeername

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1915831e04910f971959462e3f3efa57

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

fc:db:59:c4:5c:cf:48:33:a6:7d:eb:f1:8e:91:fe:d3:12:9b:36:f6:b2:49:e0:a5:d4:0d:db:93:86:e4:51:2dSigner

ed:86:c4:8b:e1:da:c2:95:56:9d:a9:ed:a2:ac:6c:a9:2d:7a:1b:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldap32

normaliz

dbghelp

wtsapi32

secur32

gdi32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

wininet

winhttp

wintrust

crypt32

userenv

shlwapi

gdiplus

ws2_32

version

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 567KB - Virtual size: 566KB

.data Size: 66KB - Virtual size: 93KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 176KB - Virtual size: 175KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

0f:7e:0d:f0:32:2a:86:71:13:7d:1b:29:3f:2c:a8:18
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fc:db:59:c4:5c:cf:48:33:a6:7d:eb:f1:8e:91:fe:d3:12:9b:36:f6:b2:49:e0:a5:d4:0d:db:93:86:e4:51:2d
Signer

ed:86:c4:8b:e1:da:c2:95:56:9d:a9:ed:a2:ac:6c:a9:2d:7a:1b:84
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 567KB - Virtual size: 566KB

.data
Size: 66KB - Virtual size: 93KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 176KB - Virtual size: 175KB