2b08650fdd24a3c8add8eeb8d9d79e63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b08650fdd24a3c8add8eeb8d9d79e63_JaffaCakes118
Size

1.7MB
MD5

2b08650fdd24a3c8add8eeb8d9d79e63
SHA1

389c3756ef5bc944bcffc5127cba5ee31778ed9a
SHA256

8a37be96e0182dbe892d2cdfe15ec6309d645326514a50f9eb3dc4698560d3c3
SHA512

560734bae1e8c6ea223558bada84bcc40d14ec09bb3e1c3a8434abaf7b8adc3b666e695171583afba145e26bee34c9b26ed216a4f0ccd3be8d3c08c0713aac1b
SSDEEP

24576:8xQUL4egKVAn3ceSt2R3TG4ESZoek3mfGsCP6+fXziMsQT7KcxDulMfqSzaW+a2d:T3eqAtGGeBWmfGrrfDi6TbSlJTnisV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keymaker.exe

Files

2b08650fdd24a3c8add8eeb8d9d79e63_JaffaCakes118
.rar
Keymaker.exe
.exe windows:4 windows x86 arch:x86

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileSectionA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

arn
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ownz
Size: 132KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

every1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

in
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0day
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

world!
Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
arn.nfo
te6.exe
.exe windows:1 windows x86 arch:x86

Code Sign

98:d7:22:c8:d1:4d:28:bf:90:7b:8d:c1:9c:32:79:78
Certificate

Issuer

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Not Before

11-12-2006 00:00

Not After

11-12-2007 23:59

Subject

CN=Acesoft.net,OU=Acesoft.net,O=Acesoft.net,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-08-2006 00:00

Not After

09-07-2019 18:40

Subject

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:e7:6c:d4:ef:fd:45:22:67:d2:9c:ba:18:20:de:0e:ac:0d:08:50
Signer

Actual PE Digest

da:e7:6c:d4:ef:fd:45:22:67:d2:9c:ba:18:20:de:0e:ac:0d:08:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

Imports

kernel32

Sections

arn Size: - Virtual size: 192KB

ownz Size: 132KB - Virtual size: 136KB

every1 Size: 4KB - Virtual size: 8KB

in Size: 39KB - Virtual size: 60KB

0day Size: 6KB - Virtual size: 6KB

world! Size: 6KB - Virtual size: 27KB

Code Sign

98:d7:22:c8:d1:4d:28:bf:90:7b:8d:c1:9c:32:79:78Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88Certificate

Extended Key Usages

Key Usages

da:e7:6c:d4:ef:fd:45:22:67:d2:9c:ba:18:20:de:0e:ac:0d:08:50Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

arn
Size: - Virtual size: 192KB

ownz
Size: 132KB - Virtual size: 136KB

every1
Size: 4KB - Virtual size: 8KB

in
Size: 39KB - Virtual size: 60KB

0day
Size: 6KB - Virtual size: 6KB

world!
Size: 6KB - Virtual size: 27KB

98:d7:22:c8:d1:4d:28:bf:90:7b:8d:c1:9c:32:79:78
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

da:e7:6c:d4:ef:fd:45:22:67:d2:9c:ba:18:20:de:0e:ac:0d:08:50
Signer

CODE
Size: 36KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB