4afcff25c2999aea5867ef2293c49f84_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4afcff25c2999aea5867ef2293c49f84_JaffaCakes118
Size

152KB
MD5

4afcff25c2999aea5867ef2293c49f84
SHA1

78adffb771b0f87e1fb4421736e33d25b51ca2dc
SHA256

208835301f329af44fffa01cd7d097cee304fdbdefec0fadc1480f9a1e9d1316
SHA512

12c9eab19e9a501764e458e207618b53c342d712c0475298dea1d400484da0dff9ca6fdafee6269a00b235a45790e68b69247523b4a4664dd15b9b27cb15e822
SSDEEP

3072:Wjg1HFZoauWRFCSMAwzzl1MIKQ+xhI5dBy/EsNf6V/1x6K:4aH7fWzzlh5s1R6V/1x6

Score

1^/10

Malware Config

Signatures

Files

4afcff25c2999aea5867ef2293c49f84_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bce7d88b372bda94d6a5c3cbd25381d9

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:4f:c5:64:5b:dd:8a:ab:af:31:b3:b1:86:6c:96:26:ea:06:c0:7a
Signer

Actual PE Digest

41:4f:c5:64:5b:dd:8a:ab:af:31:b3:b1:86:6c:96:26:ea:06:c0:7a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dssm.pdb

Imports

kernel32

GetFileAttributesW
CopyFileW
CreateFileW
GetFileAttributesExW
CreateEventW
SystemTimeToFileTime
FindFirstFileW
GetSystemTimeAsFileTime
CreateDirectoryW
InterlockedCompareExchange
MoveFileExW
GetFullPathNameW
RemoveDirectoryW
ReadFile
SetFilePointer
WriteFile
GetTempFileNameW
GetTempPathW
SetFileAttributesW
GetDriveTypeW
MapViewOfFile
CreateFileMappingA
SetLastError
ResetEvent
GetModuleHandleW
WaitForSingleObject
GetCurrentThreadId
InterlockedExchange
GetExitCodeThread
CreateThread
SetUnhandledExceptionFilter
GlobalFree
GlobalAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
DeleteFileW
CloseHandle
GetLastError
FindClose
SetEvent
UnmapViewOfFile
FileTimeToSystemTime
FindNextFileW
RaiseException
FreeLibrary
LocalAlloc
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
GetModuleFileNameW
LoadLibraryA
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
LoadLibraryExW

user32

PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
TranslateMessage
DispatchMessageW

advapi32

RegQueryValueExW
EncryptFileW
DecryptFileW
RegOpenKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey

ole32

CoDisconnectObject
CoTaskMemAlloc
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoRegisterClassObject
StringFromGUID2
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitialize
CoRegisterMessageFilter
CoResumeClassObjects
CreateStreamOnHGlobal
CoCreateInstance
CreateClassMoniker
GetRunningObjectTable

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

shlwapi

wnsprintfW

msvcrt

__CxxFrameHandler
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
memmove
_except_handler3
??1type_info@@UAE@XZ
_CxxThrowException
swprintf

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ejcgnvf
Size: - Virtual size:

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bce7d88b372bda94d6a5c3cbd25381d9

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

41:4f:c5:64:5b:dd:8a:ab:af:31:b3:b1:86:6c:96:26:ea:06:c0:7aSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

rpcrt4

iphlpapi

shlwapi

msvcrt

Sections

.text Size: 105KB - Virtual size: 105KB

.data Size: 512B - Virtual size: 1KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 44KB - Virtual size: 45KB

ejcgnvf Size: - Virtual size:

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

41:4f:c5:64:5b:dd:8a:ab:af:31:b3:b1:86:6c:96:26:ea:06:c0:7a
Signer

.text
Size: 105KB - Virtual size: 105KB

.data
Size: 512B - Virtual size: 1KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 44KB - Virtual size: 45KB

ejcgnvf
Size: - Virtual size: