dd2c55b030659ba383ee9bc5bf438f5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd2c55b030659ba383ee9bc5bf438f5e_JaffaCakes118
Size

896KB
MD5

dd2c55b030659ba383ee9bc5bf438f5e
SHA1

5b9bfc5d4b877b77bd480c342c1472e9409f6b63
SHA256

4db151037e5548c12cb6faa218e9a6adec7330ae96418bbd15c8d912f544fc73
SHA512

85bbc780be3a97c7ffd9befafdb9ac85f4d1acbbfac4e9c88a12d6e36cb425c0c2aaf0cb87103d811f69712ea55399ab5dee407b5b12601813c6a6c57780e8f2
SSDEEP

6144:JHQGTRBAGJCO4nlgcE01DyaPDOxz/6pNuwjns+t0SrCTVM39uKR/s4DmpkGjbusL:xQGlm

Score

1^/10

Malware Config

Signatures

Files

dd2c55b030659ba383ee9bc5bf438f5e_JaffaCakes118
.exe windows:5 windows x64 arch:x64

402e36e74b13f2b11e563a339c8b3c0f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

29:65:d8:a9:bd:e7:f9:e2:07:9a:21:7f:32:ed:3a:69:7a:28:9f:ad
Signer

Actual PE Digest

29:65:d8:a9:bd:e7:f9:e2:07:9a:21:7f:32:ed:3a:69:7a:28:9f:ad

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

t:\ime\x64\ship\0\imeklmg.pdb

Imports

user32

EnumWindows
GetWindowThreadProcessId
FindWindowW
PostMessageW
LoadKeyboardLayoutW
SystemParametersInfoW
EnumDesktopWindows
OpenDesktopW
GetForegroundWindow
GetClassNameW
CloseDesktop
UnloadKeyboardLayout

userenv

GetUserProfileDirectoryW

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegFlushKey
GetUserNameW

kernel32

GetCurrentProcessId
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareStringW
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileW
WideCharToMultiByte
GetModuleFileNameW
FormatMessageW
GetLastError
GetVersionExW
GetUserDefaultLCID
GetSystemDefaultLCID
WaitForSingleObject
CreateProcessW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
Sleep
OpenProcess
FreeLibrary
LoadLibraryW
GetTempPathW
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetCurrentThreadId
ExpandEnvironmentStringsW
LeaveCriticalSection
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
HeapAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeCriticalSection
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
DeleteCriticalSection
EnterCriticalSection

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance

psapi

EnumProcessModules
GetModuleBaseNameW

msvcr90

_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_exit
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
wcscpy_s
__C_specific_handler
__wgetmainargs
_amsg_exit
vswprintf_s
??_U@YAPEAX_K@Z
wcstok_s
??_V@YAXPEAX@Z
_wtoi
_wcsicmp
swscanf_s
memmove_s
wcscat_s
_encode_pointer
swprintf_s
memcpy
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??0exception@std@@QEAA@XZ
__CxxFrameHandler3
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
memset
_vsnwprintf_s
wcsncpy_s
wcsncat_s
_invalid_parameter_noinfo
_XcptFilter

msvcp90

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

402e36e74b13f2b11e563a339c8b3c0f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

29:65:d8:a9:bd:e7:f9:e2:07:9a:21:7f:32:ed:3a:69:7a:28:9f:adSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

userenv

advapi32

kernel32

ole32

psapi

msvcr90

msvcp90

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

�� Size: 512B - Virtual size: 460B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

29:65:d8:a9:bd:e7:f9:e2:07:9a:21:7f:32:ed:3a:69:7a:28:9f:ad
Signer

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

��
Size: 512B - Virtual size: 460B