d1b958de87834d0e55e29b5b8fba5ed9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d1b958de87834d0e55e29b5b8fba5ed9_JaffaCakes118
Size

568KB
MD5

d1b958de87834d0e55e29b5b8fba5ed9
SHA1

2081b505c11b8a1dd30b5e2f93374df6130c7e32
SHA256

5360f5d3b3c1d88f96ea3abd65c840e932ab3905e1d69af9dfad15ba655cc2d8
SHA512

e008823f0482e89793d0f1de63327c1fe970ca4c6bf2d30ff185a356ecfcd519b4db4c24abd37de1e088f9e97723b7573249610a9a7b7960d6adbe809d2f2ac3
SSDEEP

12288:cbE33Nl1j1GZngaQ+gva8WeNYpiNoESk4uNV2EqyL:533nB74yahnE/L

Score

1^/10

Malware Config

Signatures

Files

d1b958de87834d0e55e29b5b8fba5ed9_JaffaCakes118
.exe windows:6 windows x64 arch:x64

961ddf9e7e58d7f5a12b18942e3a8a2b

Code Sign

0f:a1:3a:e9:8e:17:ae:23:fc:fe:7a:e8:73:d0:c1:20
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/08/2020, 00:00

Not After

14/07/2021, 12:00

Subject

SERIALNUMBER=1045002450350,CN=KLAKSON\, LLC,O=KLAKSON\, LLC,L=Balashikha,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:43:5d:98:51:01:e1:a8:82:c9:21:6f:10:35:e6:cf:1c:f9:c3:84
Signer

Actual PE Digest

d8:43:5d:98:51:01:e1:a8:82:c9:21:6f:10:35:e6:cf:1c:f9:c3:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
VirtualAlloc
Sleep
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GetSystemInfo
GetWindowsDirectoryA
GetTickCount
IsDebuggerPresent
OutputDebugStringA
WaitForSingleObject
HeapCreate
HeapFree
SetLastError
WaitForMultipleObjects
ResumeThread
ExitThread
GetLastError
SetEvent
CloseHandle
CreateThread
HeapAlloc
CreateEventA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
LocalFree

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString

msvcp140

_Xtime_get_ticks
?_Random_device@std@@YAIXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memcpy
memmove
__std_terminate
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memcmp
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strcat_s
strcpy_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_c_exit
_crt_atexit
terminate
exit
_cexit
_invalid_parameter_noinfo_noreturn
_exit
_seh_filter_exe
_initterm_e
_register_onexit_function
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_set_app_type

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

961ddf9e7e58d7f5a12b18942e3a8a2b

Code Sign

0f:a1:3a:e9:8e:17:ae:23:fc:fe:7a:e8:73:d0:c1:20Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

d8:43:5d:98:51:01:e1:a8:82:c9:21:6f:10:35:e6:cf:1c:f9:c3:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 218KB - Virtual size: 217KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 265KB - Virtual size: 272KB

.pdata Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 64B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 96B

0f:a1:3a:e9:8e:17:ae:23:fc:fe:7a:e8:73:d0:c1:20
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

d8:43:5d:98:51:01:e1:a8:82:c9:21:6f:10:35:e6:cf:1c:f9:c3:84
Signer

.text
Size: 218KB - Virtual size: 217KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 265KB - Virtual size: 272KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 64B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 96B