fec4b3e3111dd4e0fbf244b981021b92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fec4b3e3111dd4e0fbf244b981021b92_JaffaCakes118
Size

2.3MB
MD5

fec4b3e3111dd4e0fbf244b981021b92
SHA1

32f3955519edfe917ca7ea278f37a9e7a50bdc4e
SHA256

a3f6f5b830a727726ca8f24e038e11ad228e0165c6c7a5de4ecba2c42b81d04e
SHA512

b032a62f3c4ca442d8d7fea312eae317de0aa9c2173b753b694fbc0c16acb6bd8eb6ad04c188994aacc33a26f7f31b6364ad4166ed2d3fa568d9bbb378ef8813
SSDEEP

24576:BSM/dplpC60QeIoRmXVbxSucfT8VaosuKshNKlVSOWHkAuzSx7vWSuZHI+rkoCJ/:zlkAeIoru2+aoa3AuasiJtYgZqYV

Score

1^/10

Malware Config

Signatures

Files

fec4b3e3111dd4e0fbf244b981021b92_JaffaCakes118
.exe windows:6 windows x64 arch:x64

447754a160f489271e0fc7d01161140b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/09/2015, 00:00

Not After

02/09/2016, 23:59

Subject

CN=Autodesk\, Inc,OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/09/2015, 00:00

Not After

02/09/2016, 23:59

Subject

CN=Autodesk\, Inc,OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:5f:ce:08:53:0d:02:a7:11:91:be:4b:6b:70:47:86:31:77:5e:5f:ce:8a:d9:b0:54:de:a2:57:c4:a4:8f:62
Signer

Actual PE Digest

71:5f:ce:08:53:0d:02:a7:11:91:be:4b:6b:70:47:86:31:77:5e:5f:ce:8a:d9:b0:54:de:a2:57:c4:a4:8f:62

Digest Algorithm

sha256

PE Digest Matches

false

b4:bd:9b:39:e5:83:a0:6c:6c:9d:b0:ec:3c:f6:7d:db:bd:a7:39:88
Signer

Actual PE Digest

b4:bd:9b:39:e5:83:a0:6c:6c:9d:b0:ec:3c:f6:7d:db:bd:a7:39:88

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
Sleep
ResetEvent
CreateEventA
SetEvent
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
SleepEx
WriteFile
ReadFile
GetVolumeInformationA
GetDriveTypeA
DeviceIoControl
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
DuplicateHandle
CreateProcessA
RtlUnwindEx
HeapReAlloc
CreateFileW
GetFileType
GetModuleHandleW
FileTimeToLocalFileTime
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
MoveFileExW
GetFileAttributesExW
DeleteFileW
FindFirstFileExA
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetStdHandle
GetStartupInfoW
GetLocalTime
FatalAppExitA
GetProcessHeap
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetExitCodeProcess
CreatePipe
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
HeapSize
WriteConsoleW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetFullPathNameA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
UnlockFileEx
LockFileEx
OpenProcess
DeleteFileA
ReleaseSemaphore
CreateSemaphoreA
SetConsoleTitleA
GetProcessTimes
FormatMessageA
GetModuleFileNameW
GetTimeZoneInformation
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleHandleA
SetHandleInformation
SetErrorMode
GetVersion
GetTickCount
GetWindowsDirectoryA
GetEnvironmentStrings
lstrlenA
FreeEnvironmentStringsA
GetVersionExA
LoadLibraryA
GetProcAddress
GetConsoleCP
FreeLibrary

user32

GetWindowRect
GetDlgItem
SendMessageA
GetWindowLongA
MessageBeep
SetDlgItemTextA
GetDlgItemTextW
GetDlgItemTextA
EnableWindow
GetParent
GetFocus
SetFocus
GetActiveWindow
MessageBoxA
ScreenToClient
GetClientRect
GetSystemMetrics
wsprintfA
CreateDialogIndirectParamA
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
MoveWindow

netapi32

Netbios

advapi32

CloseServiceHandle
GetUserNameA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
QueryServiceStatus
OpenServiceA
OpenSCManagerA
StartServiceA
RegEnumKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterEventSourceA
DeregisterEventSource
ReportEventA
GetUserNameW

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

ioctlsocket
setsockopt
getsockopt
gethostbyname
getsockname
getprotobyname
__WSAFDIsSet
WSAStartup
htons
WSACleanup
htonl
inet_addr
inet_ntoa
send
recv
closesocket
WSAGetLastError
socket
connect
select

shell32

ord680

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx

ws2_32

getnameinfo
freeaddrinfo
getaddrinfo

shlwapi

PathRemoveBackslashW

dhcpcsvc

DhcpRequestParams

rpcrt4

UuidCreate

psapi

GetProcessMemoryInfo

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fnp_dir
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

447754a160f489271e0fc7d01161140b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bbCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

71:5f:ce:08:53:0d:02:a7:11:91:be:4b:6b:70:47:86:31:77:5e:5f:ce:8a:d9:b0:54:de:a2:57:c4:a4:8f:62Signer

b4:bd:9b:39:e5:83:a0:6c:6c:9d:b0:ec:3c:f6:7d:db:bd:a7:39:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

advapi32

comdlg32

comctl32

wsock32

shell32

oleaut32

ole32

ws2_32

shlwapi

dhcpcsvc

rpcrt4

psapi

Sections

.text Size: 744KB - Virtual size: 744KB

.textidx Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 167KB - Virtual size: 235KB

.pdata Size: 46KB - Virtual size: 45KB

.fnp_dir Size: 512B - Virtual size: 120B

.fnp_mar Size: 512B - Virtual size: 1B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 9KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

71:5f:ce:08:53:0d:02:a7:11:91:be:4b:6b:70:47:86:31:77:5e:5f:ce:8a:d9:b0:54:de:a2:57:c4:a4:8f:62
Signer

b4:bd:9b:39:e5:83:a0:6c:6c:9d:b0:ec:3c:f6:7d:db:bd:a7:39:88
Signer

.text
Size: 744KB - Virtual size: 744KB

.textidx
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 167KB - Virtual size: 235KB

.pdata
Size: 46KB - Virtual size: 45KB

.fnp_dir
Size: 512B - Virtual size: 120B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 9KB - Virtual size: 9KB