fed2cfb2457b5e8406b460897a1d05a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fed2cfb2457b5e8406b460897a1d05a5_JaffaCakes118
Size

691KB
MD5

fed2cfb2457b5e8406b460897a1d05a5
SHA1

c33fd63ea6efd8414f884b3e697d8c113089d58a
SHA256

c983fcd9d602de2f2613ba3825cf19d0b3f7ee36d5f647be61c9342d1a544b96
SHA512

c25342e63e856befbea32077226150307664e1f6f309abd987b85b7bf0fec1c8a74f5f30ae78d952a28a8ada5d74a02d0dea906ce8324e7bd6edc1070970572f
SSDEEP

12288:NcoTk3+yeM1488sGlJuZ7XaT5OYaAG4TSY6ueio/YEIr2ljf5FaIiG3rVff9sxf5:qoTK+yjv5iWEEIaH3rV3JD1nSEgPhSu

Score

1^/10

Malware Config

Signatures

Files

fed2cfb2457b5e8406b460897a1d05a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37c40e7cfd8086d15db56156c8f87459

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/09/2019, 00:00

Not After

22/09/2020, 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/09/2019, 00:00

Not After

22/09/2020, 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:fc:9d:3e:13:17:99:84:49:4a:45:41:6a:86:a5:ab:0f:64:73:48:1b:b5:54:c6:b2:2d:e6:3c:18:2a:49:ef
Signer

Actual PE Digest

84:fc:9d:3e:13:17:99:84:49:4a:45:41:6a:86:a5:ab:0f:64:73:48:1b:b5:54:c6:b2:2d:e6:3c:18:2a:49:ef

Digest Algorithm

sha256

PE Digest Matches

true

e4:30:7b:f6:db:83:7d:86:cc:43:96:ad:11:d3:ca:a4:5a:4e:38:90
Signer

Actual PE Digest

e4:30:7b:f6:db:83:7d:86:cc:43:96:ad:11:d3:ca:a4:5a:4e:38:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\AzureDevOps\Apollo\FloraUtilities\Release\TipsPlus2.pdb

Imports

kernel32

WaitForSingleObject
CreateThread
ExitProcess
FlushFileBuffers
ExpandEnvironmentStringsA
LocalFree
ResumeThread
CreateProcessW
GetTickCount
GetModuleHandleA
OpenProcess
FindFirstFileW
WriteFile
WaitForMultipleObjects
ReadFile
IsBadReadPtr
FreeLibrary
GetProcessHeap
GetProcAddress
InterlockedIncrement
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
HeapAlloc
LoadLibraryA
SetLastError
HeapFree
InterlockedDecrement
DeleteCriticalSection
DecodePointer
RaiseException
GetLocalTime
DeleteFileW
CreateFileW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetModuleHandleW
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
GetFileAttributesW
GetCommandLineW
FindFirstFileExA
FindClose
GetTimeZoneInformation
GetFileAttributesExW
GetConsoleMode
GetConsoleCP
WaitForSingleObjectEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
GetACP
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSection
OutputDebugStringW
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
GetFileType
GetStdHandle
PeekNamedPipe
RtlUnwind

user32

LoadCursorW
LoadIconW
SetWindowLongW
GetClientRect
RegisterClassW
GetMonitorInfoW
SetTimer
UpdateWindow
PostQuitMessage
TranslateMessage
KillTimer
RegisterClassExW
GetWindowLongW
GetMessageW
DefWindowProcW
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
MonitorFromWindow
CreateWindowExW
ShowWindow
DispatchMessageW

gdi32

GetStockObject

advapi32

RegOpenCurrentUser
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleSetContainedObject
CoGetClassObject
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

ws2_32

WSAIoctl
ntohl
htonl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt

shlwapi

StrCpyW
PathFindFileNameW
StrStrW

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord143
ord46
ord211

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37c40e7cfd8086d15db56156c8f87459

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

84:fc:9d:3e:13:17:99:84:49:4a:45:41:6a:86:a5:ab:0f:64:73:48:1b:b5:54:c6:b2:2d:e6:3c:18:2a:49:efSigner

e4:30:7b:f6:db:83:7d:86:cc:43:96:ad:11:d3:ca:a4:5a:4e:38:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

wldap32

Sections

.text Size: 490KB - Virtual size: 489KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 4KB - Virtual size: 91KB

.gfids Size: 1024B - Virtual size: 760B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 26KB - Virtual size: 25KB

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

84:fc:9d:3e:13:17:99:84:49:4a:45:41:6a:86:a5:ab:0f:64:73:48:1b:b5:54:c6:b2:2d:e6:3c:18:2a:49:ef
Signer

e4:30:7b:f6:db:83:7d:86:cc:43:96:ad:11:d3:ca:a4:5a:4e:38:90
Signer

.text
Size: 490KB - Virtual size: 489KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 4KB - Virtual size: 91KB

.gfids
Size: 1024B - Virtual size: 760B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 26KB - Virtual size: 25KB