c04cc44f6e715198296a66ebba9fdac9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c04cc44f6e715198296a66ebba9fdac9_JaffaCakes118
Size

234KB
MD5

c04cc44f6e715198296a66ebba9fdac9
SHA1

cd8d73e28697690a934ee44ae0f9d27ab6dac20e
SHA256

657508a7f14cc08a0dbeb02c86449e34bdf18ff0cd2453bb39b29eb757848a80
SHA512

900b0c002d05d64ce507f3e5beda7e101c847c5b95f99157d11f79aac464f81b74de0e44b1b242f4fdd36c9c993a823e07c30bc6471274517a724749aad105d3
SSDEEP

6144:fc7YnysGhs6z6AeolsJuobIzdudqZuEn1b6aAh4R07apkdzafMp:fc7Ynysks6uy2uLhudsuAbQw07i2zafM

Score

1^/10

Malware Config

Signatures

Files

c04cc44f6e715198296a66ebba9fdac9_JaffaCakes118
.zip

Password: infected
lnstall_2018.exe
.exe windows:5 windows x86 arch:x86

969b53ed188ddcab07d6a9a51069efc6

Code Sign

06:f0:47:88:03:10:55:d3:1d:ef:fe:fc:d0:26:d6:c5
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15-03-2017 00:00

Not After

20-03-2019 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,POSTALCODE=95110,STREET=345 Park Avenue,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ee:b0:7f:6d:d1:fc:0c:d1:44:87:c9:5e:0e:22:5f:d8:27:05:1c:be
Signer

Actual PE Digest

ee:b0:7f:6d:d1:fc:0c:d1:44:87:c9:5e:0e:22:5f:d8:27:05:1c:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
EndDialog
ScreenToClient

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCPInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
HeapSize
GetLocaleInfoW
SetStdHandle
RaiseException
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetProcAddress
CreateProcessA
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceA
lstrcpynA
LoadLibraryA
SetErrorMode
GetCommandLineA
GetTempPathA
SetFileTime
ExitProcess
CopyFileA
GetCurrentProcess
GetModuleFileNameA
GetFileSize
CreateFileA
GetTickCount
Sleep
SetFileAttributesA
CreateDirectoryA
GetLastError
InterlockedIncrement
InterlockedDecrement
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
RtlUnwind
GetModuleHandleA
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetTimeZoneInformation
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
ReadFile
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetConsoleCP

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

969b53ed188ddcab07d6a9a51069efc6

Code Sign

06:f0:47:88:03:10:55:d3:1d:ef:fe:fc:d0:26:d6:c5Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

ee:b0:7f:6d:d1:fc:0c:d1:44:87:c9:5e:0e:22:5f:d8:27:05:1c:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

version

kernel32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 6KB - Virtual size: 100KB

.rsrc Size: 9KB - Virtual size: 8KB

06:f0:47:88:03:10:55:d3:1d:ef:fe:fc:d0:26:d6:c5
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

ee:b0:7f:6d:d1:fc:0c:d1:44:87:c9:5e:0e:22:5f:d8:27:05:1c:be
Signer

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 6KB - Virtual size: 100KB

.rsrc
Size: 9KB - Virtual size: 8KB