8f2a418d3f832b0e994030dbb5f4b53e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8f2a418d3f832b0e994030dbb5f4b53e_JaffaCakes118
Size

2.1MB
MD5

8f2a418d3f832b0e994030dbb5f4b53e
SHA1

65ee3b1bda08eba64a6792e416f67ae8b6c3b0d7
SHA256

58c35b775ba298cb5dae7479285a7601e70f6aa69bc15a59d258e395a5c4b6c2
SHA512

999744c6cac2159aadaca44d910d46680e5d45f9d166e333e65366e07845916373beb0d5a1fe5436c6ac4426782c625c16f95a43fe81ba3ec3ee9d77e0ab3077
SSDEEP

49152:Tw3n1wBAhL+Inwh/qNwffAj3g/bTqSk6cbm+R8vv:mIAt+IA/lgQ/6S+b1RA

Score

1^/10

Malware Config

Signatures

Files

8f2a418d3f832b0e994030dbb5f4b53e_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2fa345c2d6ccde5ecfd521c6cd90ebe9

Code Sign

ad:ad:e1:4c:50:9b:e0:76
Certificate

Issuer

CN=BlackSun,OU=BlackSun,O=Warface BlackSun,L=Moscow,ST=Russia,C=RU,1.2.840.113549.1.9.1=#0c15737570706f7274407766626c61636b73756e2e7275

Not Before

25/03/2019, 16:02

Not After

10/08/2046, 16:02

Subject

CN=BlackSun,OU=BlackSun,O=Warface BlackSun,L=Moscow,ST=Russia,C=RU,1.2.840.113549.1.9.1=#0c15737570706f7274407766626c61636b73756e2e7275

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:d4:84:0e:1c:9b:22:4c:7d:fa:ed:4d:e4:05:02:68:7c:48:d4:1f
Signer

Actual PE Digest

17:d4:84:0e:1c:9b:22:4c:7d:fa:ed:4d:e4:05:02:68:7c:48:d4:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
ResumeThread
CreateProcessA
OpenProcess
GetLocalTime
GetSystemFirmwareTable
VirtualAlloc
VirtualFree
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
FreeResource
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadResource
LockResource
SizeofResource
LoadLibraryA
LocalAlloc
LocalFree
FindResourceA
GetComputerNameA
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetProcessHeap
OutputDebugStringW
MoveFileExW
CreateRemoteThread
SetFilePointerEx
ReadConsoleW
TerminateProcess
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
ExitProcess
GetCurrentProcess
Sleep
GetLastError
CloseHandle
WriteFile
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
ReadFile
LoadLibraryExW
FreeLibrary
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SetEndOfFile
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
DeleteFileW
CreateThread
LCMapStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
CreateFileA
CreateDirectoryA
GetConsoleMode
GetCurrentDirectoryA
EnterCriticalSection

user32

TranslateMessage
SetLayeredWindowAttributes
CharToOemA
GetSystemMetrics
UpdateWindow
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
MessageBoxA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsChild
SetWindowPos
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
GetWindowRect
SetCursorPos
ShowWindow
wsprintfA
SetCursor
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos

advapi32

RegOpenKeyExA
OpenThreadToken
AdjustTokenPrivileges
ConvertSidToStringSidA
RegQueryValueExA
OpenProcessToken
RegCloseKey
LookupPrivilegeValueA
LookupAccountNameA

shell32

ShellExecuteA
SHGetFolderPathA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

ws2_32

htons
recv
send
socket
WSAStartup
WSACleanup
connect
closesocket
__WSAFDIsSet
inet_addr
select

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

ntdll

NtQuerySystemInformation

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_3

ord4
ord2

Sections

.text
Size: 690KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fa345c2d6ccde5ecfd521c6cd90ebe9

Code Sign

ad:ad:e1:4c:50:9b:e0:76Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

17:d4:84:0e:1c:9b:22:4c:7d:fa:ed:4d:e4:05:02:68:7c:48:d4:1fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

setupapi

ws2_32

urlmon

iphlpapi

ntdll

d3d9

d3dx9_43

winhttp

imm32

xinput1_3

Sections

.text Size: 690KB - Virtual size: 697KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 28KB - Virtual size: 27KB

ad:ad:e1:4c:50:9b:e0:76
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

17:d4:84:0e:1c:9b:22:4c:7d:fa:ed:4d:e4:05:02:68:7c:48:d4:1f
Signer

.text
Size: 690KB - Virtual size: 697KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 28KB - Virtual size: 27KB