bdc31b71eb76a8356183a8716b3e036b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdc31b71eb76a8356183a8716b3e036b_JaffaCakes118
Size

1.0MB
MD5

bdc31b71eb76a8356183a8716b3e036b
SHA1

e0ae5fde5c74ef68092de47f83d6e42f00d7f252
SHA256

bbb7ae83a9922299538e33465a22fdc54ec6c15d6e9f0637c09d24c748848762
SHA512

32b58c14e5eb81370c9c8a3e64c6a4adeca1365edc4f31bc43c2970222e655b96fdc447506079c24ff08b5399977e8a6a9e5f9c6f68d88efa1850ba3fd6a4fa8
SSDEEP

12288:O+ZNW23hONrdvaMZ7qS+QNwV5mt8YoLR4nc4j3+e9NboreLljeoP4zkm:OEF3YN5lZ7qS+GwV5mt8Jw+e92reI/km

Score

1^/10

Malware Config

Signatures

Files

bdc31b71eb76a8356183a8716b3e036b_JaffaCakes118
.exe windows:5 windows x64 arch:x64

b7748ca565d2f80f5af9f01becdcab98

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:bd:77:77:d9:e2:e8:cb:1e:71:45:f2:09:6b:85:00:b7:17:29:5a
Signer

Actual PE Digest

c2:bd:77:77:d9:e2:e8:cb:1e:71:45:f2:09:6b:85:00:b7:17:29:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\build\slave\win\build\src\build\Release\nacl64_exe.pdb

Imports

kernel32

LocalAlloc
LoadLibraryA
ResumeThread
GetModuleHandleW
GetLongPathNameW
IsProcessInJob
GetCurrentProcessId
DuplicateHandle
OpenProcess
GetModuleFileNameW
GetTempPathW
GetLastError
GetEnvironmentVariableW
GetCommandLineW
GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
DebugActiveProcess
GetProcessId
GetUserDefaultLCID
GetUserDefaultLangID
LeaveCriticalSection
ReleaseSemaphore
GetCurrentThreadId
EnterCriticalSection
VirtualQuery
CreateFileW
RtlCaptureContext
DeleteCriticalSection
FreeLibrary
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
LocalFree
RaiseException
SetThreadPriority
IsDebuggerPresent
lstrlenW
SetInformationJobObject
VirtualQueryEx
HeapSetInformation
GetTickCount
GetModuleHandleExA
ReadFile
GetStdHandle
SetHandleInformation
GetSystemInfo
AssignProcessToJobObject
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
UnmapViewOfFile
GetFileAttributesW
SetCurrentDirectoryW
CreateProcessW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
SetLastError
QueryDosDeviceW
GetNativeSystemInfo
GetVersionExW
ReleaseMutex
CreateMutexW
SetFilePointer
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
GetLocaleInfoW
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemPowerStatus
RtlCaptureStackBackTrace
GetCurrentThread
UnregisterWaitEx
RegisterWaitForSingleObject
GetWindowsDirectoryW
GetSystemDirectoryW
ConnectNamedPipe
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFree
WriteProcessMemory
GetThreadContext
VirtualProtectEx
VirtualFreeEx
VirtualAllocEx
CreateJobObjectW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
SuspendThread
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
VirtualProtect
VirtualAlloc
SwitchToThread
FlushInstructionCache
ExitProcess
MapViewOfFileEx
GetSystemTime
PeekNamedPipe
DisconnectNamedPipe
GetNamedPipeHandleStateW
EncodePointer
DecodePointer
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetStartupInfoW
SetStdHandle
GetFileType
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetProcessHeap
ExitThread
CreateFileA
GetDriveTypeA
FindFirstFileExA
RtlPcToFileHeader
LCMapStringW
GetCPInfo
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
CreateRemoteThread
GetModuleHandleA
GetProcAddress

user32

PostQuitMessage
GetQueueStatus
DefWindowProcW
SetTimer
RegisterClassExW
WaitMessage
MsgWaitForMultipleObjectsEx
UnregisterClassW
CloseWindowStation
CloseDesktop
CreateWindowStationW
CallMsgFilterW
KillTimer
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
DestroyWindow
CreateWindowExW
TranslateMessage
DispatchMessageW
GetProcessWindowStation
PostMessageW
CharUpperW
MessageBoxW
PeekMessageW
WaitForInputIdle
wsprintfW
CreateDesktopW

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
GetTokenInformation
OpenProcessToken
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptSetHashParam
CryptHashData

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

accept
shutdown
select
gethostbyname
recv
closesocket
ntohs
listen
bind
setsockopt
htons
htonl
socket
WSACleanup
WSAStartup
send

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

ole32

CoTaskMemFree

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo
_ovly_debug_event
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7748ca565d2f80f5af9f01becdcab98

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

c2:bd:77:77:d9:e2:e8:cb:1e:71:45:f2:09:6b:85:00:b7:17:29:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

userenv

version

ws2_32

winmm

ole32

Exports

Exports

Sections

.text Size: 646KB - Virtual size: 645KB

.rdata Size: 234KB - Virtual size: 233KB

.data Size: 13KB - Virtual size: 256KB

.pdata Size: 37KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 29B

text Size: 1KB - Virtual size: 1KB

data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

c2:bd:77:77:d9:e2:e8:cb:1e:71:45:f2:09:6b:85:00:b7:17:29:5a
Signer

.text
Size: 646KB - Virtual size: 645KB

.rdata
Size: 234KB - Virtual size: 233KB

.data
Size: 13KB - Virtual size: 256KB

.pdata
Size: 37KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 29B

text
Size: 1KB - Virtual size: 1KB

data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB