3cd7ecbe8b3d89feb9b8b42aa44b4a1f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3cd7ecbe8b3d89feb9b8b42aa44b4a1f_JaffaCakes118
Size

469KB
MD5

3cd7ecbe8b3d89feb9b8b42aa44b4a1f
SHA1

3e9d02fedbbd79a5f880276731ad3d151ddfcadf
SHA256

29f3fd67099f204bbafa926bfe5dc822fc85bc8723c90d04cac8c953071879e5
SHA512

1625bad1d43214686b11921af2fd9298a717310dc43d1f2710467a95523f1c81b5cd17379f3c6a102085ccf801a9fcc04ec88574c8da03e4b8e3d1607180287c
SSDEEP

6144:zJc9GQbIP0oTTmIGmI1puCWvsR69rUyDlR5ZouwjNmE/rSk2RQejmy4/ciElRYw0:2j00IC1DWkR8UqB6rV6jakiVGPgB

Score

1^/10

Malware Config

Signatures

Files

3cd7ecbe8b3d89feb9b8b42aa44b4a1f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

06629b0be77fdef8d76b87a7a49ba0af

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ad:c6:48:4c:2d:cb:9a:42:4c:00:01:00:00:00:ad
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1c:a4:1e:3f:57:bf:75:70:00:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/12/2012, 22:31

Not After

17/03/2014, 22:31

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:eb:20:4d:1b:25:59:09:87:78:e2:ed:cc:79:4f:35:8d:91:28:8c:b1:d5:b9:25:ff:0a:e4:36:47:d2:ff:b7
Signer

Actual PE Digest

8a:eb:20:4d:1b:25:59:09:87:78:e2:ed:cc:79:4f:35:8d:91:28:8c:b1:d5:b9:25:ff:0a:e4:36:47:d2:ff:b7

Digest Algorithm

sha256

PE Digest Matches

true

91:f0:4c:75:87:2d:4b:4a:f1:bc:b8:31:8a:f6:3d:4a:d0:e1:75:a1
Signer

Actual PE Digest

91:f0:4c:75:87:2d:4b:4a:f1:bc:b8:31:8a:f6:3d:4a:d0:e1:75:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Elevated_MpMiniSigStub.pdb

Imports

kernel32

UnhandledExceptionFilter
GetTickCount
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
SetUnhandledExceptionFilter
ExitProcess
GetModuleHandleW
GetProcAddress
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
HeapAlloc
GetSystemWindowsDirectoryW
HeapFree
CreateDirectoryW
WaitForSingleObject
GetProcessHeap
WriteFile
GetSystemDirectoryW
LoadLibraryW
SizeofResource
GetExitCodeProcess
CreateFileW
GetLastError
GetCurrentDirectoryW
LockResource
SetCurrentDirectoryW
RemoveDirectoryW
CloseHandle
DeleteFileW
SetFileAttributesW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

ntdll

memset
DbgPrint
memcpy

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06629b0be77fdef8d76b87a7a49ba0af

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:ad:c6:48:4c:2d:cb:9a:42:4c:00:01:00:00:00:adCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:1c:a4:1e:3f:57:bf:75:70:00:00:00:00:00:00:1cCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

8a:eb:20:4d:1b:25:59:09:87:78:e2:ed:cc:79:4f:35:8d:91:28:8c:b1:d5:b9:25:ff:0a:e4:36:47:d2:ff:b7Signer

91:f0:4c:75:87:2d:4b:4a:f1:bc:b8:31:8a:f6:3d:4a:d0:e1:75:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 828B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 444KB - Virtual size: 444KB

.reloc Size: 1024B - Virtual size: 766B

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:ad:c6:48:4c:2d:cb:9a:42:4c:00:01:00:00:00:ad
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:1c:a4:1e:3f:57:bf:75:70:00:00:00:00:00:00:1c
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

8a:eb:20:4d:1b:25:59:09:87:78:e2:ed:cc:79:4f:35:8d:91:28:8c:b1:d5:b9:25:ff:0a:e4:36:47:d2:ff:b7
Signer

91:f0:4c:75:87:2d:4b:4a:f1:bc:b8:31:8a:f6:3d:4a:d0:e1:75:a1
Signer

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 828B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 444KB - Virtual size: 444KB

.reloc
Size: 1024B - Virtual size: 766B