be9be43d4ba78dab39125bf0a1c6b60d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be9be43d4ba78dab39125bf0a1c6b60d_JaffaCakes118
Size

1.1MB
MD5

be9be43d4ba78dab39125bf0a1c6b60d
SHA1

d6cb52f19263f5351b79c72e79b734802c749988
SHA256

9d7fdbff038a26a2a05fcf0d9ca4eeaae493c352590e5fd393344d3f27455293
SHA512

b62370863aa26b79121f43519c71c43164d72eb83e9e77d49912fa40f05162af43675f7dba4dec8f9ccc80a537ab7351b28e2da6303daf6a0892abf5f11866fc
SSDEEP

12288:SqT1om7MxrLOXXlRT0SpOyLHHkA1pVr1z/xCy6W0voCo86Vb:SqxSxrLOnlNnpFHkA1pVpxCyqvoCohVb

Score

1^/10

Malware Config

Signatures

Files

be9be43d4ba78dab39125bf0a1c6b60d_JaffaCakes118
.dll windows:6 windows x64 arch:x64

e002eaa1382d9fe95c4d00aacdf360f1

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:42:c9:ed:66:60:3f:69
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/10/2018, 19:41

Not After

09/11/2020, 23:50

Subject

CN=Golden Software\, LLC,O=Golden Software\, LLC,L=Golden,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:86:23:f0:d7:2a:ba:b3:d8:0e:da:f1:3e:67:34:43:56:eb:87:1c:23:74:8e:7e:e3:0c:e5:93:3d:90:2e:97
Signer

Actual PE Digest

da:86:23:f0:d7:2a:ba:b3:d8:0e:da:f1:3e:67:34:43:56:eb:87:1c:23:74:8e:7e:e3:0c:e5:93:3d:90:2e:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate

netapi32

Netbios

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

wsock32

getsockname
bind
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
socket
gethostbyaddr
ntohs
inet_addr
ioctlsocket
htons
htonl
closesocket
WSAStartup
gethostbyname

kernel32

OutputDebugStringW
LoadLibraryW
SetEnvironmentVariableA
HeapReAlloc
FreeLibrary
GetProcAddress
LocalAlloc
LocalFree
GetFileSize
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryA
GetSystemDirectoryA
GetTempPathA
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileTime
SetFileTime
GetVersion
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetLastError
SetFileAttributesA
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
CreateFileA
GetFileAttributesA
RtlZeroMemory
FindClose
GetVersionExA
WideCharToMultiByte
WriteFile
GetEnvironmentVariableA
MultiByteToWideChar
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
DeviceIoControl
GetTickCount
DefineDosDeviceA
QueryDosDeviceA
SetLastError
FormatMessageA
lstrlenA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
MoveFileExA
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
HeapFree
HeapAlloc
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeW
GetFullPathNameA
GetSystemTimeAsFileTime
WriteConsoleW
GetFileAttributesExW
SetFileAttributesW
MoveFileExW
FileTimeToLocalFileTime
FindFirstFileExW
GetTimeZoneInformation
ReadFile
SetEndOfFile
GetProcessHeap
FindFirstFileExA
FindNextFileA
RtlLookupFunctionEntry
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
SetFilePointer
GetConsoleMode
ReadConsoleW
GetConsoleCP
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileInformationByHandle
PeekNamedPipe
SetFilePointerEx
SetStdHandle
HeapSize
GetStringTypeW

advapi32

RegQueryValueA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
SetNamedSecurityInfoA
SetEntriesInAclA
LookupPrivilegeValueA
FreeSid
AllocateAndInitializeSid
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetKeySecurity
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegCreateKeyA
RegSetValueA
CreateServiceW
SetFileSecurityW
RegEnumKeyExA

user32

wsprintfA
MessageBoxA

Exports

Exports

VLSgetLibInfo
sntlInitNetworkSystem
sntlInitStandaloneSystem
sntlSetPersistenceDevice

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e002eaa1382d9fe95c4d00aacdf360f1

Code Sign

07Certificate

Key Usages

b9:42:c9:ed:66:60:3f:69Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

da:86:23:f0:d7:2a:ba:b3:d8:0e:da:f1:3e:67:34:43:56:eb:87:1c:23:74:8e:7e:e3:0c:e5:93:3d:90:2e:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

netapi32

ole32

oleaut32

wsock32

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 768KB - Virtual size: 767KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 172KB - Virtual size: 284KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 6KB - Virtual size: 6KB

07
Certificate

b9:42:c9:ed:66:60:3f:69
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

da:86:23:f0:d7:2a:ba:b3:d8:0e:da:f1:3e:67:34:43:56:eb:87:1c:23:74:8e:7e:e3:0c:e5:93:3d:90:2e:97
Signer

.text
Size: 768KB - Virtual size: 767KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 172KB - Virtual size: 284KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 6KB - Virtual size: 6KB