ab630c3abfd7b12f53976f1f6ca19443_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab630c3abfd7b12f53976f1f6ca19443_JaffaCakes118
Size

157KB
MD5

ab630c3abfd7b12f53976f1f6ca19443
SHA1

182fb6525e54618e0e774fb81f4992e5c0a92e25
SHA256

14db0ffee7ed9094d4db2d78f6ecc2536c2fd096507653069c618e387f37330e
SHA512

9e633f9a2e0a49b5506cf7059aee8c823e451edfc11addda5714261a3127c45ead9828ac32a09ca4004615dd95a0f39799c56d69f4cf4d03ddab20708c7d0493
SSDEEP

3072:6l3/Z0z8Uo55bjiEenIWh+GzKgUkIzeG7K5hYlB0w/UsNlDQjXT:fgUodHaXT

Score

1^/10

Malware Config

Signatures

Files

ab630c3abfd7b12f53976f1f6ca19443_JaffaCakes118
.exe windows:5 windows x64 arch:x64

b4a92abf5b8c7547933c0838fcc7ea57

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/06/2011, 09:46

Not After

28/06/2014, 09:46

Subject

CN=Benjamin Delpy,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7b:d1:aa:54:4f:23:e6:1f:ff:c7:d0:42:54:81:a0:f9:11:ce:38:cb
Signer

Actual PE Digest

7b:d1:aa:54:4f:23:e6:1f:ff:c7:d0:42:54:81:a0:f9:11:ce:38:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

PFXExportCertStoreEx
CertEnumSystemStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore
CertGetNameStringW
CryptAcquireCertificatePrivateKey

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathCombineW

samlib

SamQueryInformationUser
SamEnumerateUsersInDomain
SamOpenUser
SamOpenDomain
SamConnect
SamCloseHandle
SamFreeMemory

netapi32

NetUserGetInfo
NetLocalGroupEnum
NetUserEnum
NetGroupEnum
NetApiBufferFree

version

VerQueryValueW

advapi32

MD5Final
MD5Update
MD5Init
QueryServiceObjectSecurity
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CheckTokenMembership
DuplicateTokenEx
SetThreadToken
OpenThreadToken
SystemFunction025
SystemFunction032
LsaFreeMemory
RegSetValueExW
LsaRetrievePrivateData
LsaStorePrivateData
FreeSid
AllocateAndInitializeSid
CloseServiceHandle
BuildSecurityDescriptorW
SetServiceObjectSecurity
CreateServiceW
ClearEventLogW
GetNumberOfEventLogRecords
OpenEventLogW
CryptGetUserKey
CryptDestroyKey
CryptGetProvParam
CryptEnumProvidersW
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey
ConvertSidToStringSidW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
IsTextUnicode
ControlService
QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
LsaQueryInformationPolicy

kernel32

CreateProcessW
GetCurrentProcess
DuplicateHandle
SetConsoleCtrlHandler
SetConsoleOutputCP
SetConsoleTitleW
FreeLibrary
LoadLibraryW
GetProcAddress
FreeResource
FindResourceW
LoadResource
GetModuleHandleW
GetVersionExW
SetConsoleCursorPosition
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
LockResource
GetCurrentThread
GetCurrentProcessId
WaitForSingleObject
GetExitCodeThread
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
OpenProcess
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
VirtualAlloc
ReadFile
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
SetFilePointer
DeviceIoControl
SetLastError
GetLastError
LocalFree
CloseHandle
LocalAlloc
GetCurrentDirectoryW
FlushFileBuffers
CreateFileW
WriteFile
Sleep
VirtualProtect
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
GetSystemTimeAsFileTime

shell32

CommandLineToArgvW

ntdll

RtlEqualString
RtlCreateUserThread
NtTerminateProcess
NtSuspendProcess
RtlAdjustPrivilege
NtResumeProcess
_wcsnicmp
wcstoul
RtlGetNtVersionNumbers
NtQueryObject
_wcsicmp
wcschr
wcsrchr
RtlEqualUnicodeString
NtQueryInformationProcess
RtlGetCurrentPeb
RtlInitUnicodeString
NtQuerySystemInformation
wcsstr
memcmp

msvcrt

_write
_isatty
ungetc
_lseeki64
_read
__pioinfo
__badioinfo
realloc
?terminate@@YAXXZ
_errno
vfwprintf
fflush
_wfopen
_iob
fclose
free
_wcsdup
_fileno
_setmode
swscanf
memcpy
memset
__C_specific_handler
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
calloc
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_unlock
_lock
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4a92abf5b8c7547933c0838fcc7ea57

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0Certificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

7b:d1:aa:54:4f:23:e6:1f:ff:c7:d0:42:54:81:a0:f9:11:ce:38:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

shlwapi

samlib

netapi32

version

advapi32

kernel32

shell32

ntdll

msvcrt

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

7b:d1:aa:54:4f:23:e6:1f:ff:c7:d0:42:54:81:a0:f9:11:ce:38:cb
Signer

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 1KB - Virtual size: 1KB