b1c4b8863f1811a10631204476f8fe5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1c4b8863f1811a10631204476f8fe5b_JaffaCakes118
Size

4.7MB
MD5

b1c4b8863f1811a10631204476f8fe5b
SHA1

6ece84fec83f11bcea72ba49f546fbb2002ff213
SHA256

04a3593c270a7fd6982fae001c575fe9c7374f9af6727875733436e70e19d703
SHA512

ff78f60560f79416ed78c30b9beaffba826657a66ab7f7ce6900eef1fc21613a70542436ce28170eef38c7fbff632456a28a0e77a5707184622b535fca43bd6e
SSDEEP

49152:ASHmPdoA0r+tMsayWR48rrUILk7DS8MooFxgUE5LzS1N8cjIrm:A0A0r+tMz48rrUILk7DS5oq8lcX

Score

1^/10

Malware Config

Signatures

Files

b1c4b8863f1811a10631204476f8fe5b_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7efc24efe62bb4a2a70275aa3f6cef3c

Code Sign

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/03/2018, 00:00

Not After

13/03/2019, 23:59

Subject

CN=Apps Delivered Ltd,O=Apps Delivered Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/03/2018, 00:00

Not After

13/03/2019, 23:59

Subject

CN=Apps Delivered Ltd,O=Apps Delivered Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:79:b8:20:16:74:0a:a9:9d:db:0b:4e:12:c5:3b:52:4f:36:e3:fe:67:42:91:4a:5a:07:16:95:48:52:15:b9
Signer

Actual PE Digest

33:79:b8:20:16:74:0a:a9:9d:db:0b:4e:12:c5:3b:52:4f:36:e3:fe:67:42:91:4a:5a:07:16:95:48:52:15:b9

Digest Algorithm

sha256

PE Digest Matches

true

88:1d:0a:7b:dc:c8:60:a1:de:1d:bd:7e:c4:67:9d:81:e5:84:8d:ca
Signer

Actual PE Digest

88:1d:0a:7b:dc:c8:60:a1:de:1d:bd:7e:c4:67:9d:81:e5:84:8d:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
recv
WSAGetLastError
send
getsockopt
WSASetLastError
socket
bind
setsockopt
getsockname
ntohs
htons
connect
WSAIoctl
ntohl
gethostname
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
select
__WSAFDIsSet
htonl
listen
accept
WSAStartup
WSACleanup
getpeername

wtsapi32

WTSCloseServer
WTSEnumerateProcessesA
WTSEnumerateServersA
WTSEnumerateSessionsA
WTSOpenServerA
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSSendMessageA
WTSVirtualChannelClose
WTSVirtualChannelWrite

rpcrt4

NdrNsSendReceive
NdrRpcSmClientAllocate
I_RpcServerCheckClientRestriction
NdrConvert2
RpcMgmtInqServerPrincNameW

crypt32

CertFreeCertificateChain
CertOpenStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertFindExtension
CryptStringToBinaryA
CryptDecodeObjectEx
CryptQueryObject
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertFindCertificateInStore

wldap32

ord301
ord27
ord211
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord217
ord35
ord32
ord200
ord46
ord45

normaliz

IdnToUnicode
IdnToAscii

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
CreateEventW
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
IsValidCodePage
GetACP
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetSystemTimeAsFileTime
GetCommandLineA
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CreateFileW
GetStringTypeW
GetOEMCP
GetLastError
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetCurrentProcessId
CreateFileA
WriteFile
ReadFile
GetFileSize
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
MultiByteToWideChar
SleepEx
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteFileW
GetTickCount
Sleep
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
GetEnvironmentVariableA
FormatMessageA
SetLastError
VerSetConditionMask
VerifyVersionInfoA
WaitForSingleObjectEx
CloseHandle
MoveFileExA
GetFileSizeEx
OutputDebugStringW
IsDebuggerPresent
SetStdHandle
SetConsoleCtrlHandler
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThread
EncodePointer
GetModuleFileNameW
ReadConsoleW
FindClose
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
GetTimeZoneInformation
WriteConsoleW
SetEndOfFile
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
SetEnvironmentVariableA
IsProcessorFeaturePresent
QueryPerformanceCounter

user32

GetLastActivePopup
GetRawInputBuffer
SetLayeredWindowAttributes
UnregisterClassA
AppendMenuW
DispatchMessageA

gdi32

CloseMetaFile
GetArcDirection

advapi32

CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
SetPrivateObjectSecurityEx
RegQueryReflectionKey
RegLoadMUIStringW
RegCopyTreeA
ObjectDeleteAuditAlarmA
InitiateShutdownA
GetTrusteeNameA
EventRegister
CredWriteW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash

imagehlp

ImageGetCertificateHeader
SymMatchFileName

oleacc

AccessibleObjectFromPoint

Sections

.text
Size: 937KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.siiv34
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gghud2
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jtwwmp
Size: 1024B - Virtual size: 913B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fetyzs
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.igbysi
Size: 512B - Virtual size: 243B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hafcfp
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uvp34n
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.e95ly8
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oi5eps
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7efc24efe62bb4a2a70275aa3f6cef3c

Code Sign

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:ddCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:ddCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

33:79:b8:20:16:74:0a:a9:9d:db:0b:4e:12:c5:3b:52:4f:36:e3:fe:67:42:91:4a:5a:07:16:95:48:52:15:b9Signer

88:1d:0a:7b:dc:c8:60:a1:de:1d:bd:7e:c4:67:9d:81:e5:84:8d:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

rpcrt4

crypt32

wldap32

normaliz

kernel32

user32

gdi32

advapi32

imagehlp

oleacc

Sections

.text Size: 937KB - Virtual size: 937KB

.siiv34 Size: 512B - Virtual size: 265B

.gghud2 Size: 1024B - Virtual size: 974B

.jtwwmp Size: 1024B - Virtual size: 913B

.fetyzs Size: 1KB - Virtual size: 1KB

.igbysi Size: 512B - Virtual size: 243B

.hafcfp Size: 9KB - Virtual size: 8KB

.uvp34n Size: 9KB - Virtual size: 9KB

.e95ly8 Size: 3KB - Virtual size: 2KB

.oi5eps Size: 2KB - Virtual size: 2KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 59KB - Virtual size: 71KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 35KB - Virtual size: 34KB

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:dd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

15:b3:52:45:00:7a:cc:99:78:c7:3e:7c:70:8b:b9:dd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

33:79:b8:20:16:74:0a:a9:9d:db:0b:4e:12:c5:3b:52:4f:36:e3:fe:67:42:91:4a:5a:07:16:95:48:52:15:b9
Signer

88:1d:0a:7b:dc:c8:60:a1:de:1d:bd:7e:c4:67:9d:81:e5:84:8d:ca
Signer

.text
Size: 937KB - Virtual size: 937KB

.siiv34
Size: 512B - Virtual size: 265B

.gghud2
Size: 1024B - Virtual size: 974B

.jtwwmp
Size: 1024B - Virtual size: 913B

.fetyzs
Size: 1KB - Virtual size: 1KB

.igbysi
Size: 512B - Virtual size: 243B

.hafcfp
Size: 9KB - Virtual size: 8KB

.uvp34n
Size: 9KB - Virtual size: 9KB

.e95ly8
Size: 3KB - Virtual size: 2KB

.oi5eps
Size: 2KB - Virtual size: 2KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 59KB - Virtual size: 71KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 35KB - Virtual size: 34KB