b69bf6feaddca641162e0d965abba2f1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b69bf6feaddca641162e0d965abba2f1_JaffaCakes118
Size

121KB
MD5

b69bf6feaddca641162e0d965abba2f1
SHA1

085c91b428a3455437a96e117ac1dd956e5a6dab
SHA256

132b76dbddce181a1e011c999ce977239007158e6c8023b429a8e4bf2fad88b3
SHA512

f8614af45df69f378ab132453c884bc69326081d16e3fbfd15d9595a07908db8886967b4990fb04cdc38ae17b821176e4042f7782492f77127f45b60fb67e45d
SSDEEP

3072:ilppyRVoTpfWJBQ/z2xocxiNFF+4QdCSa2QNrI:syUTYDE6jxGPNQdE2EI

Score

1^/10

Malware Config

Signatures

Files

b69bf6feaddca641162e0d965abba2f1_JaffaCakes118
.exe windows:5 windows x64 arch:x64

9cc39a2c5b1ea15720b3fdba3ae72387

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25/02/2015, 09:23

Not After

26/02/2016, 09:23

Subject

CN=Lucuma,O=Lucuma,L=Hod Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:ea:98:92:98:21:01:a2:00:c1:a9:a2:61:a0:a9:39:e4:57:21:a8
Signer

Actual PE Digest

f4:ea:98:92:98:21:01:a2:00:c1:a9:a2:61:a0:a9:39:e4:57:21:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CharNextA
MessageBoxA

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
Sleep
GetCurrentProcessId
GetTickCount
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
GetCommandLineA
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetCurrentThreadId
LoadLibraryExW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
CancelIo
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
HeapReAlloc
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
GetOverlappedResult
CloseHandle
WriteFile
GetLastError
InitializeCriticalSectionAndSpinCount

advapi32

StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cc39a2c5b1ea15720b3fdba3ae72387

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4bCertificate

Extended Key Usages

Key Usages

f4:ea:98:92:98:21:01:a2:00:c1:a9:a2:61:a0:a9:39:e4:57:21:a8Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 16KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

f4:ea:98:92:98:21:01:a2:00:c1:a9:a2:61:a0:a9:39:e4:57:21:a8
Signer

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB