c1254df871765bfc42230aedcaddb4d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1254df871765bfc42230aedcaddb4d8_JaffaCakes118
Size

910KB
MD5

c1254df871765bfc42230aedcaddb4d8
SHA1

1b699e0bec926edf81fb627562aa9d151e0e851b
SHA256

1b7e4e69e0899065036364c4341e867abee91dddd23c79ff4ab4ee4ade3555e8
SHA512

bc6c45c67c0919bf2582572ef3951a695d46d47bb06014b95710dfea0cba45073e3b5b92d5b78c351f08f532d2220b6f3407a5409bfc202be432f208aa5e0c96
SSDEEP

24576:+M6aPsVQGNofMuDarQGhee21TrldFpAtXyXGWoDN8Jk+c765gEf:xZW+e63

Score

1^/10

Malware Config

Signatures

Files

c1254df871765bfc42230aedcaddb4d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d1ad7b615f29ee8da4ad88156d1c31b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:d1:94:27:42:93:80:0f:af:1e:f7:79:88:63:50:7b:40:24:8f:94
Signer

Actual PE Digest

9c:d1:94:27:42:93:80:0f:af:1e:f7:79:88:63:50:7b:40:24:8f:94

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\test4\e91\Debug\e91.pdb

Imports

kernel32

GetLocalTime
GetProcAddress
LoadLibraryW
CompareStringW
CompareStringA
GetModuleHandleA
GetStartupInfoW
GetVersionExA
DebugBreak
RaiseException
LoadLibraryA
HeapFree
IsBadWritePtr
IsBadReadPtr
HeapValidate
HeapAlloc
GetCPInfo
ExitProcess
MultiByteToWideChar
GetStringTypeA
GetLastError
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
GetModuleFileNameA
WriteFile
GetProcessHeap
CloseHandle
FreeLibrary
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
VirtualAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
WideCharToMultiByte
InterlockedExchange
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoW
LCMapStringA
LCMapStringW
SetFilePointer
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA

ole32

CoTaskMemAlloc

Sections

.rda�89�
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1ad7b615f29ee8da4ad88156d1c31b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

9c:d1:94:27:42:93:80:0f:af:1e:f7:79:88:63:50:7b:40:24:8f:94Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

Sections

.rda�89� Size: 188KB - Virtual size: 184KB

.text Size: 380KB - Virtual size: 378KB

.rdata Size: 148KB - Virtual size: 144KB

.data Size: 12KB - Virtual size: 66KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

9c:d1:94:27:42:93:80:0f:af:1e:f7:79:88:63:50:7b:40:24:8f:94
Signer

.rda�89�
Size: 188KB - Virtual size: 184KB

.text
Size: 380KB - Virtual size: 378KB

.rdata
Size: 148KB - Virtual size: 144KB

.data
Size: 12KB - Virtual size: 66KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB