a01c724688c9fcd135770582212fcdf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a01c724688c9fcd135770582212fcdf2_JaffaCakes118
Size

580KB
MD5

a01c724688c9fcd135770582212fcdf2
SHA1

385ff5903c91771311c04176086359cf2281e81c
SHA256

27c4ce159c6bfef1f460759533bb0ebc5dd609c97fe829d80d32865000ed6d1d
SHA512

2bae9e5aac13636f1c0f756f435402e4e1f867b435f8634159705fe244567e17513caaaed77a52770b7cd51f6b18bb7bdbf60b77dd788b67fcd46444e53f749d
SSDEEP

12288:B0b2yZNTB5q8LV2HoBhEdBqhCkRRPveFttaGPfhMoCeudg:2VNZyseCVg

Score

1^/10

Malware Config

Signatures

Files

a01c724688c9fcd135770582212fcdf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

536defe5e1ec3e14054d3262f2871d95

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:19:0d:7c:9e:4c:8f:69:a7:79:34:6d:80:2b:1d:e7
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/03/2019, 00:00

Not After

13/04/2020, 12:00

Subject

SERIALNUMBER=480001000861,CN=JUSTSYSTEMS CORPORATION,O=JUSTSYSTEMS CORPORATION,L=Tokushima-shi,ST=Tokushima,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:e4:8a:9f:27:ca:27:86:ca:d9:1e:6a:0f:75:a6:b3:bf:3b:7b:2c
Signer

Actual PE Digest

ea:e4:8a:9f:27:ca:27:86:ca:d9:1e:6a:0f:75:a6:b3:bf:3b:7b:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\license_management_agent\branches\jspass2_20181101\LMAUI\Release\JSLMAUI.pdb

Imports

imm32

ImmAssociateContext

wininet

InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

kernel32

GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
HeapReAlloc
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringA
LCMapStringW
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
GetVersionExW
SetLastError
GetLastError
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryW
GetModuleHandleW
GetProcAddress
CreateEventW
SetEvent
LocalFree
ExpandEnvironmentStringsW
SetErrorMode
SetFilePointer
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
FindResourceExW
GlobalFlags
WritePrivateProfileStringW
ReadFile
WaitForSingleObject
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
ReleaseMutex
CreateMutexW
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
CreateNamedPipeW
FormatMessageW
lstrlenW
MulDiv
VirtualProtect
FreeResource
RaiseException
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
DeleteFileW
GetTempPathW
GetTempFileNameW
CompareFileTime
WideCharToMultiByte
GlobalSize
GlobalGetAtomNameW
lstrlenA
InterlockedDecrement
ResumeThread
InterlockedIncrement
MultiByteToWideChar
GetModuleFileNameW
OpenProcess
Sleep
WaitNamedPipeW
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcess
GetConsoleCP

user32

GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
IsWindowVisible
UpdateWindow
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
CallWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
InflateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
SetPropW
GetCapture
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
SetFocus
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuItemInfoW
GetKeyState
GetFocus
GetWindowDC
SystemParametersInfoW
GetSystemMetrics
GetSysColorBrush
DrawIconEx
SetCursor
ReleaseCapture
LoadCursorW
SetCapture
RedrawWindow
InvalidateRect
SetWindowRgn
DrawTextW
LoadBitmapW
CopyRect
OffsetRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
IsClipboardFormatAvailable
GetClipboardData
GetDlgItem
CloseClipboard
OpenClipboard
GetClassNameW
GetWindow
RegisterWindowMessageW
PeekMessageW
GetCursorPos
DefWindowProcW
UnregisterClassW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorW
ShowOwnedPopups
KillTimer
SetTimer
LoadMenuW
GetSubMenu
GetSysColor
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
GetDC
ReleaseDC
GetParent
EnableWindow
DestroyIcon
PostMessageW
MapDialogRect
LoadIconW
GetClientRect
GetWindowRect
GetSystemMenu
SendMessageW
AppendMenuW
DestroyMenu
UnregisterClassA

gdi32

PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
CreateSolidBrush
CreateCompatibleBitmap
DPtoLP
EnumFontFamiliesExW
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetTextExtentPoint32W
ExtTextOutW
BitBlt
GetDeviceCaps
DeleteDC
CreateRectRgn
CombineRgn
DeleteObject
GetDIBits
StretchBlt
GetObjectW
CreateFontIndirectW
SetTextColor
SetBkColor
GetStockObject
GetPixel
SelectObject
CreateCompatibleDC

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
LookupAccountNameW
EqualSid
GetSecurityInfo
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
ord680
ShellExecuteW
Shell_NotifyIconW
ord727
SHGetStockIconInfo
SHGetFolderPathW
DragFinish
ExtractIconExW
DragQueryFileW

shlwapi

PathRemoveFileSpecW
SHDeleteKeyW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW

ole32

CreateStreamOnHGlobal

oleaut32

VariantInit
VariantChangeType
VariantClear

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRect
GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

536defe5e1ec3e14054d3262f2871d95

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

02:19:0d:7c:9e:4c:8f:69:a7:79:34:6d:80:2b:1d:e7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

ea:e4:8a:9f:27:ca:27:86:ca:d9:1e:6a:0f:75:a6:b3:bf:3b:7b:2cSigner

Headers

File Characteristics

PDB Paths

Imports

imm32

wininet

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

gdiplus

Sections

.text Size: 264KB - Virtual size: 261KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 220KB - Virtual size: 218KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

02:19:0d:7c:9e:4c:8f:69:a7:79:34:6d:80:2b:1d:e7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

ea:e4:8a:9f:27:ca:27:86:ca:d9:1e:6a:0f:75:a6:b3:bf:3b:7b:2c
Signer

.text
Size: 264KB - Virtual size: 261KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 220KB - Virtual size: 218KB