General

Malware Config

Signatures

Files

• b61b330f0ad589422d862cebf65e92c1_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  d826b15c5030046a95578a7afce08abb

  
  

  Code Sign

  02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2031 00:00

  Subject

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:96:68:03:48:26:df:47:e6:20:7e:c9:da:ed:57:c3

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  30-09-2020 00:00

  Not After

  21-07-2021 12:00

  Subject

  SERIALNUMBER=1107746685991,CN=CHOO FSP\, LLC,O=CHOO FSP\, LLC,L=Подолино,ST=Московская область,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  db:27:8c:b2:d1:9d:4b:b9:84:d1:24:db:c3:ef:a3:80:9a:77:b3:77

  Signer

  Actual PE Digest

  db:27:8c:b2:d1:9d:4b:b9:84:d1:24:db:c3:ef:a3:80:9a:77:b3:77

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  gdi32

  BitBlt

  CreateCompatibleBitmap

  CreateCompatibleDC

  DeleteDC

  DeleteObject

  GetStockObject

  SelectObject

  StretchDIBits

  kernel32

  AddAtomA

  CloseHandle

  CreateMutexA

  CreateSemaphoreA

  DeleteCriticalSection

  EnterCriticalSection

  ExitProcess

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  FindAtomA

  FindClose

  FindFirstFileA

  FormatMessageA

  GetAtomNameA

  GetCommandLineA

  GetCurrentThreadId

  GetLastError

  GetLocalTime

  GetLogicalDrives

  GetModuleFileNameA

  GetModuleHandleA

  GetProcAddress

  GetStartupInfoA

  InitializeCriticalSection

  InterlockedDecrement

  InterlockedIncrement

  LeaveCriticalSection

  LocalFree

  OutputDebugStringA

  QueryPerformanceCounter

  QueryPerformanceFrequency

  ReleaseMutex

  ReleaseSemaphore

  SetLastError

  SetUnhandledExceptionFilter

  Sleep

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  msvcrt

  _close

  _filelength

  _open

  _read

  _write

  __getmainargs

  __p__environ

  __p__fmode

  __set_app_type

  _cexit

  _errno

  _iob

  _onexit

  _setmode

  _stat

  abort

  atexit

  calloc

  fclose

  fgets

  fopen

  fputc

  fputs

  fread

  free

  fseek

  ftell

  fwrite

  malloc

  memchr

  realloc

  rewind

  signal

  strcmp

  strerror

  vfprintf

  user32

  BeginPaint

  CreateWindowExA

  DefWindowProcA

  DispatchMessageA

  EndPaint

  GetDC

  GetDesktopWindow

  GetKeyState

  GetMessageA

  GetSystemMetrics

  GetWindowRect

  LoadCursorA

  LoadIconA

  MessageBoxA

  MoveWindow

  PostQuitMessage

  RegisterClassA

  ReleaseDC

  SetActiveWindow

  SetWindowPos

  ShowWindow

  TranslateMessage

  UpdateWindow

  wsprintfA

  ntdll

  sprintf

  strncpy

  vsprintf

  strrchr

  strcpy

  strtoul

  strcat

  memmove

  ZwOpenSymbolicLinkObject

  Exports

  Exports

  CSBhvSWCvFRvfCfAoJdoFuAUmK

  Sections

  .text

  Size: 105KB - Virtual size: 105KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 300B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 19KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 84B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 507KB - Virtual size: 506KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /4

  Size: 512B - Virtual size: 416B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /19

  Size: 1024B - Virtual size: 1004B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /35

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /51

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /63

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /77

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /89

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /102

  Size: 512B - Virtual size: 427B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /113

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /124

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ