b2b9958e378ada0ec369cd55fd4ef0e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b2b9958e378ada0ec369cd55fd4ef0e2_JaffaCakes118
Size

129KB
MD5

b2b9958e378ada0ec369cd55fd4ef0e2
SHA1

f8512a481b061f8f5caa68d3f366b858a3ae1e03
SHA256

084af731edc3ac5b804c64521d23475ac8879253ae8df3d2f6c96eb446c3d122
SHA512

a4ea20db7a1f1cb8009272cc29da61d09da745825b889b00200288ac8c6f1e78a6695a68d51855e6c61b96571c46675d7e10da983046eb1cdbbea1cd842f4835
SSDEEP

1536:PTg8mPw8d4SLbmRPt4Ntxn4tBTjzHS9rck5QyuIoaGsS5yBF:PU82gkbjLprzuIoaGsSoBF

Score

1^/10

Malware Config

Signatures

Files

b2b9958e378ada0ec369cd55fd4ef0e2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

81ce694558e5d77bc2fe8cd5ae38fb35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2015, 00:00

Not After

06/06/2018, 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17
Signer

Actual PE Digest

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

initialize

ord28
ord10

saveoperate

ord4

kernel32

EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetLastError
ReadFile
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
HeapSize
WideCharToMultiByte
LCMapStringA
LCMapStringW
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
SetStdHandle
GetStringTypeA
GetStringTypeW
CreateFileW
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetEndOfFile

Exports

Exports

check_fat_format_save_data
fat_exit
fat_fmtRec_exit
fat_fmtRec_init
fat_fmtRec_readfile
fat_fmtRec_search
fat_fmtStop
fat_init
fat_open_dir
fat_readfile
fat_searchfile
fat_searchfile_dir
fat_show
free_fat_file_info
get_fat_del_info_to_save
get_folder_info
read_scan_result_fat
save_scan_result_fat
set_fat_del_info_to_save

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81ce694558e5d77bc2fe8cd5ae38fb35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17Signer

Headers

File Characteristics

Imports

initialize

saveoperate

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 2.9MB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 16KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17
Signer

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 2.9MB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 16KB - Virtual size: 14KB