8ae15b41deb7b582defc7476b719828f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ae15b41deb7b582defc7476b719828f_JaffaCakes118
Size

21.7MB
MD5

8ae15b41deb7b582defc7476b719828f
SHA1

aa2f2c5dd40d1eca7ac521c950ef6f455053dbea
SHA256

89592ab8ac59be252f379242c64f302bff7b3c37512cff3955e3674cc664db23
SHA512

0e549a31335a29d3216d06396a98bc13dc847281951cb4292cd61f8c1d185fd7e367a038291f1fe64b4b7ad42d6ae2ef2c1ae0c239777fb09a94e5e8425d6d6d
SSDEEP

393216:gr5Z6HCTfVXkzG1dU7ZQs7Z4YcjlrPxrvmOtKOPYC5raN6rB3PiqMxoW4XVAt800:g5mckzAzXlrZ57AC8k1XMxKXt6B0

Score

1^/10

Malware Config

Signatures

Files

8ae15b41deb7b582defc7476b719828f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc880bdf69eb887e369c4aca78f31f40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

07/03/2016, 09:51

Not After

07/03/2017, 09:51

Subject

CN=新乡市鸿儒网络技术有限公司,O=新乡市鸿儒网络技术有限公司,L=新乡市,ST=河南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

07/03/2016, 09:51

Not After

07/03/2017, 09:51

Subject

CN=新乡市鸿儒网络技术有限公司,O=新乡市鸿儒网络技术有限公司,L=新乡市,ST=河南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a7:49:b6:60:0f:da:74:3b:39:9b:b3:70:62:f9:17:f2:fc:4e:1d:b6:33:1c:01:23:3b:76:fa:5a:89:9c:af:f4
Signer

Actual PE Digest

a7:49:b6:60:0f:da:74:3b:39:9b:b3:70:62:f9:17:f2:fc:4e:1d:b6:33:1c:01:23:3b:76:fa:5a:89:9c:af:f4

Digest Algorithm

sha256

PE Digest Matches

true

32:bc:5d:cc:0e:36:da:02:a3:8e:1c:05:e7:ab:43:1b:73:45:1a:94
Signer

Actual PE Digest

32:bc:5d:cc:0e:36:da:02:a3:8e:1c:05:e7:ab:43:1b:73:45:1a:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetSystemInfo
GetVersion
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
SizeofResource
SetLastError
SetFilePointer
SetEvent
ResetEvent
RemoveDirectoryW
ReadFile
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileSize
GetFileAttributesW
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCPInfo
FreeResource
FreeLibrary
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
EndUpdateResourceW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CloseHandle
BeginUpdateResourceW

msvcrt

memcpy

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc880bdf69eb887e369c4aca78f31f40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

a7:49:b6:60:0f:da:74:3b:39:9b:b3:70:62:f9:17:f2:fc:4e:1d:b6:33:1c:01:23:3b:76:fa:5a:89:9c:af:f4Signer

32:bc:5d:cc:0e:36:da:02:a3:8e:1c:05:e7:ab:43:1b:73:45:1a:94Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msvcrt

Sections

.text Size: 204KB - Virtual size: 204KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 17KB - Virtual size: 17KB

.bss Size: - Virtual size: 20KB

.idata Size: 3KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 200B

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 12KB - Virtual size: 12KB

.rsrc Size: 21.5MB - Virtual size: 21.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84
Certificate

19:c2:85:30:e9:3b:36
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

5c:cf:57:5d:94:ff:49:b4:20:13:f0:c4:d7:6b:b0:84
Certificate

19:c2:85:30:e9:3b:36
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

a7:49:b6:60:0f:da:74:3b:39:9b:b3:70:62:f9:17:f2:fc:4e:1d:b6:33:1c:01:23:3b:76:fa:5a:89:9c:af:f4
Signer

32:bc:5d:cc:0e:36:da:02:a3:8e:1c:05:e7:ab:43:1b:73:45:1a:94
Signer

.text
Size: 204KB - Virtual size: 204KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 17KB - Virtual size: 17KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 3KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 200B

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 21.5MB - Virtual size: 21.5MB