a3c04f00c288ffbb707d8e2659bd44b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3c04f00c288ffbb707d8e2659bd44b3_JaffaCakes118
Size

596KB
MD5

a3c04f00c288ffbb707d8e2659bd44b3
SHA1

fb9fae7bc45802f14c89422fc4b01e1489fa7219
SHA256

2b3cda31fc5d130a82332b6b038a3d6551a91c143c91f20f1dd5352e6fde84ce
SHA512

e0da26d8d79c3e6fc9d033a933c61f03f1d5065439efd1c9ed06d7d0b576cf78040344010a3ab2435bee428bd1d530848df9423eac925b4f87d752191ed0951e
SSDEEP

12288:Xz9Tf5kocrI89NOTFjSp1Xsl//hNPljKiWypB9QdZSeXyUNGmJ:Xz9Tf5koOI8yFOslnvtOQbsS/UNGg

Score

1^/10

Malware Config

Signatures

Files

a3c04f00c288ffbb707d8e2659bd44b3_JaffaCakes118
.exe windows:6 windows x86 arch:x86

eaff52b8a979e09eeb9bfbb69fbfc47e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

09/02/2022, 12:00

Subject

CN=Corel Corporation,OU=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2019, 00:00

Not After

09/02/2022, 12:00

Subject

CN=Corel Corporation,OU=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:b5:7c:9f:0d:d2:3b:ed:68:1a:0f:08:33:61:f6:35:ed:31:90:d1:ed:12:78:67:e0:56:71:64:fd:ae:92:85
Signer

Actual PE Digest

e6:b5:7c:9f:0d:d2:3b:ed:68:1a:0f:08:33:61:f6:35:ed:31:90:d1:ed:12:78:67:e0:56:71:64:fd:ae:92:85

Digest Algorithm

sha256

PE Digest Matches

true

72:bc:a1:e0:d9:8f:fc:f6:e4:09:8f:09:46:9f:57:cc:8b:5d:61:4a
Signer

Actual PE Digest

72:bc:a1:e0:d9:8f:fc:f6:e4:09:8f:09:46:9f:57:cc:8b:5d:61:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
MoveFileExW
VerSetConditionMask
SetEvent
CreateEventA
GetCurrentProcess
LocalFree
VerifyVersionInfoW
LocalAlloc
GetFileAttributesW
lstrlenW
LoadLibraryW
IsDebuggerPresent
ExpandEnvironmentStringsW
WaitForSingleObject
GetCurrentProcessId
GetExitCodeProcess
FindClose
WaitForSingleObjectEx
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
LockResource
LoadResource
GetModuleFileNameW
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindResourceExW
IsValidCodePage
SetLastError
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
CloseHandle
GetTempPathW
GetTempFileNameW
DeleteFileW
DecodePointer
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetTickCount
FindResourceW
FindNextFileW
SizeofResource
Sleep
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetOEMCP
SetCurrentDirectoryW

user32

GetActiveWindow
SetTimer
KillTimer
SetWindowTextW
GetClientRect
GetWindowRect
CopyRect
SetWindowLongW
FindWindowW
DialogBoxParamW
GetMonitorInfoW
IsWindowVisible
GetForegroundWindow
GetDesktopWindow
GetShellWindow
GetClassNameW
ShowWindow
GetWindow
MonitorFromWindow
GetAncestor
SetWindowPos
EndDialog
MonitorFromPoint
IsWindow
GetDC
GetWindowLongW
RegisterWindowMessageW
SendMessageW
UnregisterClassW
CharNextW
GetLastInputInfo
GetTopWindow
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsChild
DestroyWindow
MoveWindow
GetDlgItem
SetFocus
GetFocus
GetKeyState
SetCapture
LoadCursorW
GetParent
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture

gdi32

GetDeviceCaps
DeleteDC
GetObjectW
SelectObject
GetStockObject
DeleteObject
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

shell32

ShellExecuteW

ole32

CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
OleInitialize
CLSIDFromString

oleaut32

SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SafeArrayGetUBound
VariantCopy
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SafeArrayCreate

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
ConvertStringSidToSidW
RegEnumKeyExW
LookupAccountSidW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

shlwapi

UrlEscapeW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest

wininet

HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetQueryDataAvailable
HttpQueryInfoW
InternetReadFile

urlmon

CoInternetSetFeatureEnabled

Exports

Exports

?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaff52b8a979e09eeb9bfbb69fbfc47e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

e6:b5:7c:9f:0d:d2:3b:ed:68:1a:0f:08:33:61:f6:35:ed:31:90:d1:ed:12:78:67:e0:56:71:64:fd:ae:92:85Signer

72:bc:a1:e0:d9:8f:fc:f6:e4:09:8f:09:46:9f:57:cc:8b:5d:61:4aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

wtsapi32

version

wintrust

crypt32

winhttp

wininet

urlmon

Exports

Exports

Sections

.text Size: 327KB - Virtual size: 326KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 14KB - Virtual size: 18KB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 22KB - Virtual size: 21KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:bf:3b:b9:74:d5:e1:73:60:c6:94:ee:28:63:cd:81
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e6:b5:7c:9f:0d:d2:3b:ed:68:1a:0f:08:33:61:f6:35:ed:31:90:d1:ed:12:78:67:e0:56:71:64:fd:ae:92:85
Signer

72:bc:a1:e0:d9:8f:fc:f6:e4:09:8f:09:46:9f:57:cc:8b:5d:61:4a
Signer

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 14KB - Virtual size: 18KB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 22KB - Virtual size: 21KB