8d3d0c1cc91485ef3a86e16df0444261_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d3d0c1cc91485ef3a86e16df0444261_JaffaCakes118
Size

205KB
MD5

8d3d0c1cc91485ef3a86e16df0444261
SHA1

b0950388e78977f430663e82e8022defbfcd193f
SHA256

b55d27c3840e7272b97f91d70670fa79cb0b88a1dff3281da80f1074e2978969
SHA512

22dcccf60c1469e4bc03a2500e2e25aa6eb0e4b2c2ae2fa84ad461a2291b5ac0cfac6f36b4d8d0086795e86385f548ab654c8e8afd710b9daa78dba23bf9b32e
SSDEEP

6144:XJLZC56a9dOgrTljGIhnxupiZuo47KmcxeSO:65r9tjObccS

Score

1^/10

Malware Config

Signatures

Files

8d3d0c1cc91485ef3a86e16df0444261_JaffaCakes118
.exe windows:5 windows x64 arch:x64

684c58991050f2696dc6a062c661b8db

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:19:6f:b0:c4:1a:05:1a:8b:d5:7e:20:32:f8:9a:49:fd:b6:72:61
Signer

Actual PE Digest

d5:19:6f:b0:c4:1a:05:1a:8b:d5:7e:20:32:f8:9a:49:fd:b6:72:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Project\driverinstaller\InfInstaller\x64\Release\InfInstallerx64.pdb

Imports

shlwapi

PathFileExistsA

setupapi

SetupDiGetDeviceRegistryPropertyA
CM_Locate_DevNodeA
SetupDiRemoveDevice
CM_Reenumerate_DevNode
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

SetEndOfFile
CreateFileW
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
CreateFileA
RtlVirtualUnwind
PeekNamedPipe
WaitForSingleObject
CreateProcessA
ReadFile
GetLastError
GetProcAddress
RemoveDirectoryA
GetPrivateProfileStringA
LocalAlloc
GetSystemInfo
CreatePipe
GetModuleHandleA
CloseHandle
LocalFree
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
FindClose
GetCommandLineA
GetCPInfo
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
GetModuleHandleW
ExitProcess
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
LoadLibraryW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

684c58991050f2696dc6a062c661b8db

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

d5:19:6f:b0:c4:1a:05:1a:8b:d5:7e:20:32:f8:9a:49:fd:b6:72:61Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

setupapi

advapi32

kernel32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

d5:19:6f:b0:c4:1a:05:1a:8b:d5:7e:20:32:f8:9a:49:fd:b6:72:61
Signer

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB