d19bd6e0baa47bbb0cc8d86b49a3460b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d19bd6e0baa47bbb0cc8d86b49a3460b_JaffaCakes118
Size

170KB
MD5

d19bd6e0baa47bbb0cc8d86b49a3460b
SHA1

f294458bbd5fb605d6a843df06d38edebeb36efb
SHA256

aa9a506ca13d8d663c05f7455cf4f928713a925a44aeb6010cc96a079eefaf8a
SHA512

a43e11423696f2f370c6afa52285ea34179afb0c4492e9a996f35b06023dc0fbc740e5b2518fb5a88c026203699ca7bc1194dfc6a97828dc016d05be3eb2dced
SSDEEP

3072:7ntqV+hja0FlPwGJXzHEmpNXISfrNQv9w8ESYcZV/UUW3na4w:zgme03PwGJXYmpdISfr7S5VUUkc

Score

1^/10

Malware Config

Signatures

Files

d19bd6e0baa47bbb0cc8d86b49a3460b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a856cf20dbb24bc36575289835f06986

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

10-11-2016 11:27

Not After

11-11-2017 11:27

Subject

SERIALNUMBER=5147746267224,CN=For Ai Studio\, LLC,O=For Ai Studio\, LLC,STREET=d. 21 str. 1\, per. Perevedenovski,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.1=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:80:cf:e8:f8:23:57:5c:fe:97:38:b8:98:13:c2:33:7e:c6:65:47
Signer

Actual PE Digest

94:80:cf:e8:f8:23:57:5c:fe:97:38:b8:98:13:c2:33:7e:c6:65:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

map1.pdb

Imports

gdi32

GetCurrentObject
GetDeviceCaps

kernel32

GetSystemDefaultLCID
GetThreadLocale
GetUserDefaultLCID
GetProcessId
GetModuleHandleW
IsProcessorFeaturePresent
ExitProcess
ExitThread
GetConsoleWindow
CreateSemaphoreW
GetVersionExW
GetCompressedFileSizeA
LoadLibraryExA
lstrcpynA
InterlockedDecrement
SetProcessShutdownParameters
SetLocaleInfoA
GetProfileIntA
SetSystemPowerState
WritePrivateProfileStructW
ReadConsoleW
CreateWaitableTimerA
CopyFileW
PeekConsoleInputW
FreeConsole
GetLastError

user32

GetClassNameA
IsCharLowerA
GetShellWindow

msvcrt

memset

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EDRPART
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a856cf20dbb24bc36575289835f06986

Code Sign

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2Certificate

Extended Key Usages

Key Usages

94:80:cf:e8:f8:23:57:5c:fe:97:38:b8:98:13:c2:33:7e:c6:65:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

msvcrt

Sections

.text Size: 16KB - Virtual size: 12KB

EDRPART Size: 4KB - Virtual size: 2KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 12KB - Virtual size: 10KB

INIT Size: 4KB - Virtual size: 2KB

CODE Size: 32KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 1012B

04:00:00:00:00:01:21:58:53:08:a2
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2
Certificate

94:80:cf:e8:f8:23:57:5c:fe:97:38:b8:98:13:c2:33:7e:c6:65:47
Signer

.text
Size: 16KB - Virtual size: 12KB

EDRPART
Size: 4KB - Virtual size: 2KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 12KB - Virtual size: 10KB

INIT
Size: 4KB - Virtual size: 2KB

CODE
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 1012B