44c2375f3d69ac3dedb54964ae0d8e82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44c2375f3d69ac3dedb54964ae0d8e82_JaffaCakes118
Size

326KB
MD5

44c2375f3d69ac3dedb54964ae0d8e82
SHA1

cac4b80f0a5e98ad68dd6e64217a3f8c61030dbf
SHA256

62c2b9d1a5920de556f46a6e993bdbcc026ed9400c78c58061d8f31205df58d5
SHA512

e2d9c3147dfc1cbc3cd69ca039e0cb6973b8ed0bcb3f2ccdf500e7c7ce9ebd33cd1922b4a343a1435124ebb235e0dcbf583cf6362b49d489f63be5c9afa75fec
SSDEEP

6144:m4u8gPQpk8byOe2DXAgD6yJOLNLKTYdVSHqiEVsu:mDrAk8byOe0AgDBJOL1KTgOEVsu

Score

1^/10

Malware Config

Signatures

Files

44c2375f3d69ac3dedb54964ae0d8e82_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dd19d1f0ffda5384bb572fd4e5082d7e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-02-2016 00:00

Not After

13-02-2019 12:00

Subject

CN=Tim Kosse,O=Tim Kosse,L=Köln,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-02-2016 00:00

Not After

13-02-2019 12:00

Subject

CN=Tim Kosse,O=Tim Kosse,L=Köln,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:87:cc:42:d5:d7:b7:3a:eb:dd:03:cf:1f:e6:22:91:2f:6c:e9:5c:d4:74:5f:06:cf:e0:ba:cf:d4:f9:f8:dc
Signer

Actual PE Digest

2b:87:cc:42:d5:d7:b7:3a:eb:dd:03:cf:1f:e6:22:91:2f:6c:e9:5c:d4:74:5f:06:cf:e0:ba:cf:d4:f9:f8:dc

Digest Algorithm

sha256

PE Digest Matches

false

09:89:60:55:90:1e:51:ef:22:ed:3e:5c:5d:3c:84:0d:94:dc:6b:4b
Signer

Actual PE Digest

09:89:60:55:90:1e:51:ef:22:ed:3e:5c:5d:3c:84:0d:94:dc:6b:4b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\muv.pdb

Imports

kernel32

SetInformationJobObject
lstrlenA
InterlockedDecrement
InitializeSListHead
FreeEnvironmentStringsA
GetUserDefaultLangID
GlobalAlloc
LoadLibraryW
ReadConsoleInputA
FreeConsole
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryA
HeapDestroy
SetConsoleCursorPosition
GetModuleFileNameW
GetOverlappedResult
GetStartupInfoA
GetCPInfoExW
GetLastError
GetProcAddress
VirtualAlloc
CreateNamedPipeA
MoveFileW
SetStdHandle
SearchPathA
GetPrivateProfileStringA
OpenMutexA
GetProfileStringA
PostQueuedCompletionStatus
FindAtomA
GetPrivateProfileStructA
SetSystemTime
SetEnvironmentVariableA
GetModuleFileNameA
WriteProfileStringA
WTSGetActiveConsoleSessionId
HeapSetInformation
GetCurrentDirectoryA
OutputDebugStringA
DeleteFileW
CloseHandle
CreateFileW
WideCharToMultiByte
GetCommandLineW
GetStartupInfoW
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InterlockedIncrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetModuleHandleW
SetLastError
RtlUnwind
HeapValidate
IsBadReadPtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
WriteFile
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
OutputDebugStringW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
RaiseException
FlushFileBuffers

winhttp

WinHttpReadData

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd19d1f0ffda5384bb572fd4e5082d7e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6fCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2b:87:cc:42:d5:d7:b7:3a:eb:dd:03:cf:1f:e6:22:91:2f:6c:e9:5c:d4:74:5f:06:cf:e0:ba:cf:d4:f9:f8:dcSigner

09:89:60:55:90:1e:51:ef:22:ed:3e:5c:5d:3c:84:0d:94:dc:6b:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winhttp

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 142KB - Virtual size: 4.3MB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 22KB - Virtual size: 22KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:bc:a2:f9:59:37:e3:f8:50:f5:46:b3:b6:0d:a8:6f
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2b:87:cc:42:d5:d7:b7:3a:eb:dd:03:cf:1f:e6:22:91:2f:6c:e9:5c:d4:74:5f:06:cf:e0:ba:cf:d4:f9:f8:dc
Signer

09:89:60:55:90:1e:51:ef:22:ed:3e:5c:5d:3c:84:0d:94:dc:6b:4b
Signer

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 142KB - Virtual size: 4.3MB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 22KB - Virtual size: 22KB