061c65516e61f9458cb5aaa1411dc110_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

061c65516e61f9458cb5aaa1411dc110_JaffaCakes118
Size

3.9MB
MD5

061c65516e61f9458cb5aaa1411dc110
SHA1

d015223575a70366ef42a110118eff261edb8eba
SHA256

b84e6d326bf7bdff89c1fba8ca4dd22a012c3462f2292a0da6db69aa9d29b26e
SHA512

a2a529b01b4ecdd012a62eff9089393bb7d13c95c05f071257886d202573af99c2606ccbf5933206cc886d482c965f0e710253bb246d7645669f842a8087b2e9
SSDEEP

98304:iKMc6MvHvCaPF78oFKPupr4qe9nmBweyv5:i0VvCwInWpRe9nmieS

Score

1^/10

Malware Config

Signatures

Files

061c65516e61f9458cb5aaa1411dc110_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eadab9af41500db7da2e2bdd17c75fe6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:63:b3:a7:40:c1:cd:fd:f8:bb:9e:6c:33:1a:d7:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13-12-2017 00:00

Not After

07-01-2019 23:59

Subject

CN=Slimware Utilities Holdings\, Inc.,O=Slimware Utilities Holdings\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:bf:a6:1b:82:b8:0f:60:57:15:e4:8a:a1:0d:e1:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-12-2017 00:00

Not After

14-01-2020 23:59

Subject

CN=Slimware Utilities Holdings\, Inc.,O=Slimware Utilities Holdings\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:50:ac:59:23:5b:23:e4:8d:32:f7:2a:0c:eb:c8:bb:2a:97:bc:90:08:91:24:43:f6:d1:01:46:70:87:04:fb
Signer

Actual PE Digest

10:50:ac:59:23:5b:23:e4:8d:32:f7:2a:0c:eb:c8:bb:2a:97:bc:90:08:91:24:43:f6:d1:01:46:70:87:04:fb

Digest Algorithm

sha256

PE Digest Matches

true

5e:e6:b2:df:17:27:0f:8f:dc:4b:a8:99:ea:70:6a:5a:fb:51:f2:4a
Signer

Actual PE Digest

5e:e6:b2:df:17:27:0f:8f:dc:4b:a8:99:ea:70:6a:5a:fb:51:f2:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildAgent\work\9c641e03f62b1f21\bin\Release\SilentInstaller.pdb

Imports

kernel32

DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
WriteFile
CloseHandle
GetModuleHandleW
CreateFileW
SetFileAttributesW
LocalFree
SetLastError
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentThreadId
SetEvent
LoadLibraryW
GetCommandLineW
GetSystemDirectoryW
SetDllDirectoryW
LockResource
LoadResource
SizeofResource
GetFileSize
GetTickCount
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
FindResourceW
FindResourceExW
GetTempPathW
CreateDirectoryW
GetFileAttributesW
CopyFileW
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW
FreeLibrary
LoadLibraryExA
FlushFileBuffers
OutputDebugStringW
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
ReleaseMutex
WaitForSingleObject
CreateMutexW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

PostThreadMessageW

ole32

CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CoInitializeEx

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eadab9af41500db7da2e2bdd17c75fe6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:63:b3:a7:40:c1:cd:fd:f8:bb:9e:6c:33:1a:d7:deCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

38:bf:a6:1b:82:b8:0f:60:57:15:e4:8a:a1:0d:e1:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

10:50:ac:59:23:5b:23:e4:8d:32:f7:2a:0c:eb:c8:bb:2a:97:bc:90:08:91:24:43:f6:d1:01:46:70:87:04:fbSigner

5e:e6:b2:df:17:27:0f:8f:dc:4b:a8:99:ea:70:6a:5a:fb:51:f2:4aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 23KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:63:b3:a7:40:c1:cd:fd:f8:bb:9e:6c:33:1a:d7:de
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

38:bf:a6:1b:82:b8:0f:60:57:15:e4:8a:a1:0d:e1:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

10:50:ac:59:23:5b:23:e4:8d:32:f7:2a:0c:eb:c8:bb:2a:97:bc:90:08:91:24:43:f6:d1:01:46:70:87:04:fb
Signer

5e:e6:b2:df:17:27:0f:8f:dc:4b:a8:99:ea:70:6a:5a:fb:51:f2:4a
Signer

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 23KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 5KB