8a1e03355e08c2619cbeb15c74958aec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a1e03355e08c2619cbeb15c74958aec_JaffaCakes118
Size

8.8MB
MD5

8a1e03355e08c2619cbeb15c74958aec
SHA1

990ac29498f0efa61b61fa4792ea036d03af3f81
SHA256

6dc7d7b67b3fd1a1c71c776420d4d96102653f4e26bd2fb2821f836b58444350
SHA512

f01ddc6b580899ac006e02c616bd615ab50227c2f2499c35df378d9aea70a39f4a6998a45462c1d3638889bf13bac824132e82f8db9fda316fe27558c8cc0eb5
SSDEEP

196608:GcjxWsnaD6VmcTkp+lHQppwbiJdSbUq2M1sli9wYPD53k+7:G0WOaD6VgpgHVi+Uq2TlijPD53k+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GiAlbum_1.2/setup.exe

Files

8a1e03355e08c2619cbeb15c74958aec_JaffaCakes118
.rar
GiAlbum_1.2/Gialbum_1.msi
.msi
GiAlbum_1.2/setup.exe
.exe windows:5 windows x86 arch:x86

784112ee3c1da4bbf1f4ee95a0d306fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

CreateFileW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
SetFilePointer
HeapSetInformation
CreateEventA
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceA
GetVersionExA
CompareStringA
GetFileAttributesA
GetModuleFileNameA
DeleteFileA
MultiByteToWideChar
GetTempPathA
LocalFree
FormatMessageA
GetTimeFormatA
GetDateFormatA
CreateDirectoryA
CopyFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
GetCurrentProcess
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
Sleep
GetDiskFreeSpaceExA
IsValidCodePage
EndUpdateResourceA
DeleteCriticalSection
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrlenW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetTickCount
FindFirstFileA
FindNextFileA
GetTempFileNameA
FindClose
GetProcessHeap
UpdateResourceA
BeginUpdateResourceA
LoadLibraryA
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEndOfFile
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
HeapAlloc
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetLastError
GetProcAddress
FreeLibrary
WriteFile
LocalAlloc
InterlockedExchange
RaiseException
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter

gdi32

GetStockObject
GetObjectA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A

ole32

CoInitialize
CoUninitialize

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA
ShellExecuteExA

user32

ShowScrollBar
GetClientRect
SetClassLongA
LoadCursorA
SetCursor
SetWindowTextA
CreateDialogIndirectParamA
CreateDialogParamA
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
ScreenToClient
MoveWindow
LoadImageA
SetDlgItemTextA
SendMessageA
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SendDlgItemMessageA
GetWindowRect
SystemParametersInfoA
ExitWindowsEx
CharNextA
MessageBoxA
DrawTextW
GetSystemMetrics
GetDC
GetDialogBaseUnits
ReleaseDC
MessageBoxW
LoadIconA

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GiAlbum_1.2/vcredist_x86/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:5f:e0:1e:c6:75:3c:5d:95:1b:9f:44:98:07:5c:53:c7:32:67:37
Signer

Actual PE Digest

64:5f:e0:1e:c6:75:3c:5d:95:1b:9f:44:98:07:5c:53:c7:32:67:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

784112ee3c1da4bbf1f4ee95a0d306fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

ole32

shell32

user32

Sections

.text Size: 291KB - Virtual size: 290KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 17KB - Virtual size: 16KB

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

64:5f:e0:1e:c6:75:3c:5d:95:1b:9f:44:98:07:5c:53:c7:32:67:37Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ntdll

comctl32

shell32

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 68KB

.rsrc Size: 4.0MB - Virtual size: 5KB

.text
Size: 291KB - Virtual size: 290KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 17KB - Virtual size: 16KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

64:5f:e0:1e:c6:75:3c:5d:95:1b:9f:44:98:07:5c:53:c7:32:67:37
Signer

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 4.0MB - Virtual size: 5KB