faec0c6eb3554bbefb3e9b897fb782e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

faec0c6eb3554bbefb3e9b897fb782e7_JaffaCakes118
Size

16.4MB
MD5

faec0c6eb3554bbefb3e9b897fb782e7
SHA1

30d8f73fd7ec0f2e198172286c46d13eb5aeb75c
SHA256

95199f2508e014b18246c243ce0cb4a72707112cd0a8f248bbda0ffc8704fe46
SHA512

29227430f844386ad62b7f4e94ba79c816aa23f4519c5a8301aaba3c04f471ed9caa6f0605ba6df64f6b7d1a1b8716c83802eb94f3015c82cb630859921ea26e
SSDEEP

393216:/mJfbq+0kMHfQOTFkyGY2FSXrpTA3w1YoyKWNtEy/ll/6ez:wr0kMHoiFkXYeSX1TMwaon2Syn6ez

Score

1^/10

Malware Config

Signatures

Files

faec0c6eb3554bbefb3e9b897fb782e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd8ba3ee73447b34b0eb88e0d73c6752

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/06/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:12:01:71:64:6a:52:1d:a7:26:6e:8b:0d:21:cb:bd:5f:b2:ea:e1:76:77:da:7d:0a:4c:34:6e:7e:34:bc:ee
Signer

Actual PE Digest

ea:12:01:71:64:6a:52:1d:a7:26:6e:8b:0d:21:cb:bd:5f:b2:ea:e1:76:77:da:7d:0a:4c:34:6e:7e:34:bc:ee

Digest Algorithm

sha256

PE Digest Matches

true

21:db:5b:75:41:94:f1:d8:a3:ce:ef:30:fc:bf:7a:05:30:ff:06:bb
Signer

Actual PE Digest

21:db:5b:75:41:94:f1:d8:a3:ce:ef:30:fc:bf:7a:05:30:ff:06:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
TerminateThread
WaitForSingleObject
ResumeThread
SuspendThread
CreateThread
lstrlenA
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileSize
CreateFileA
lstrcatA
GetModuleFileNameA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetVersionExA
SetFileAttributesA
CreateDirectoryA
GetTempPathA
WriteFile
ReadFile
SetFilePointer
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
GetACP
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetFileTime
CreateFileW
GetCommandLineA
SetFileAttributesW
GetFileAttributesA
CreateDirectoryW
DeleteFileW
GetCurrentThreadId
FindFirstFileW
SetEndOfFile
GetSystemInfo
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
lstrcpyA
SetLastError
lstrcpynA
HeapSize
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
Sleep
RtlUnwind
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
TlsSetValue
ExitThread
GetVersion
ExitProcess
GetCPInfo
GetOEMCP
TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
HeapDestroy

user32

CharUpperW
CharUpperA
wsprintfA
LoadStringA
SetWindowTextA
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
SendMessageA
ShowWindow
GetDlgItem
IsWindowVisible
KillTimer
EnableWindow
EndDialog
SetTimer
DialogBoxParamA
PostMessageA
CharNextA
MessageBoxA

gdi32

DeleteObject
CreateFontA

oleaut32

SysFreeString
VariantClear
SysAllocString

comctl32

ord17

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd8ba3ee73447b34b0eb88e0d73c6752

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

ea:12:01:71:64:6a:52:1d:a7:26:6e:8b:0d:21:cb:bd:5f:b2:ea:e1:76:77:da:7d:0a:4c:34:6e:7e:34:bc:eeSigner

21:db:5b:75:41:94:f1:d8:a3:ce:ef:30:fc:bf:7a:05:30:ff:06:bbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

comctl32

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 1.0MB

.rsrc Size: 52KB - Virtual size: 49KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

ea:12:01:71:64:6a:52:1d:a7:26:6e:8b:0d:21:cb:bd:5f:b2:ea:e1:76:77:da:7d:0a:4c:34:6e:7e:34:bc:ee
Signer

21:db:5b:75:41:94:f1:d8:a3:ce:ef:30:fc:bf:7a:05:30:ff:06:bb
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 1.0MB

.rsrc
Size: 52KB - Virtual size: 49KB