JaffaCakes118_faf94b3ba043e0d4b7463497b69690938f8ecaac9f65fb972b5b1f6bfb51eca8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_faf94b3ba043e0d4b7463497b69690938f8ecaac9f65fb972b5b1f6bfb51eca8
Size

207KB
MD5

2355b4e101f8fe2c7b1f40411d829528
SHA1

a1537f2354c7b713f65c36cabd753695eb39cb70
SHA256

faf94b3ba043e0d4b7463497b69690938f8ecaac9f65fb972b5b1f6bfb51eca8
SHA512

6d709d342d02ecfaaed7f9410e198ad1ed1e8c6059239a7adc45d0c7bd1cfeabd2f1c1e04ee87cbda02903df64d72490d40a176e7e8ce35ee498b211f7e9287f
SSDEEP

3072:Dg+aDNxs1EvzE6HuhR+pU0G9LBt9GJ7Do3jL+sohSyUDE6hcjjd8o:EdDNxsa7HHuhI6Vf9Ghk+souqHd

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_faf94b3ba043e0d4b7463497b69690938f8ecaac9f65fb972b5b1f6bfb51eca8
.zip

Password: infected
fa7d2020776a080d2580c0cad013be84484cbaa8d927fedd51914bad567d3278
.exe windows:5 windows x86 arch:x86

85bc386bd6a1f821258a1c9abc71d3dd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-06-2018 00:00

Not After

11-06-2021 12:00

Subject

CN=AVG Technologies USA\, Inc.,O=AVG Technologies USA\, Inc.,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-06-2018 00:00

Not After

11-06-2021 12:00

Subject

CN=AVG Technologies USA\, Inc.,O=AVG Technologies USA\, Inc.,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:12:51:47:45:cf:54:dd:66:02:e2:05:35:1c:97:c7:7c:bf:e1:84:43:f2:7d:c1:d5:2d:57:d4:01:e4:d6:c0
Signer

Actual PE Digest

c5:12:51:47:45:cf:54:dd:66:02:e2:05:35:1c:97:c7:7c:bf:e1:84:43:f2:7d:c1:d5:2d:57:d4:01:e4:d6:c0

Digest Algorithm

sha256

PE Digest Matches

false

41:c0:89:ef:df:e4:88:80:32:55:bf:b4:a7:aa:42:0b:f2:93:5e:4c
Signer

Actual PE Digest

41:c0:89:ef:df:e4:88:80:32:55:bf:b4:a7:aa:42:0b:f2:93:5e:4c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CommConfigDialogA
lstrcpynA
ClearCommError
SetConsoleTextAttribute
GetCurrentProcess
SetMailslotInfo
ScrollConsoleScreenBufferW
SetEnvironmentVariableW
SetConsoleScreenBufferSize
ConnectNamedPipe
GetPrivateProfileStringW
GetPriorityClass
SetVolumeMountPointA
FindNextVolumeW
GetBinaryTypeA
GetAtomNameW
MultiByteToWideChar
GetVolumePathNameA
GetProcAddress
EnumSystemCodePagesW
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
SetFileApisToANSI
SetConsoleWindowInfo
FindFirstVolumeMountPointA
WTSGetActiveConsoleSessionId
CreateMailslotA
GetVolumeInformationW
lstrcpyA
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
GetLastError
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
ReadFile
SetFilePointerEx
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
IsValidCodePage
GetOEMCP
LoadLibraryExW
GetConsoleMode
SetStdHandle
FlushFileBuffers
GetConsoleCP
OutputDebugStringW
WriteConsoleW
CloseHandle
CreateFileW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

85bc386bd6a1f821258a1c9abc71d3dd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c5:12:51:47:45:cf:54:dd:66:02:e2:05:35:1c:97:c7:7c:bf:e1:84:43:f2:7d:c1:d5:2d:57:d4:01:e4:d6:c0Signer

41:c0:89:ef:df:e4:88:80:32:55:bf:b4:a7:aa:42:0b:f2:93:5e:4cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 104KB - Virtual size: 336KB

.rsrc Size: 70KB - Virtual size: 70KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:18:e2:30:57:8f:9f:21:4a:0b:b1:65:4d:b4:44:d8
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c5:12:51:47:45:cf:54:dd:66:02:e2:05:35:1c:97:c7:7c:bf:e1:84:43:f2:7d:c1:d5:2d:57:d4:01:e4:d6:c0
Signer

41:c0:89:ef:df:e4:88:80:32:55:bf:b4:a7:aa:42:0b:f2:93:5e:4c
Signer

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 104KB - Virtual size: 336KB

.rsrc
Size: 70KB - Virtual size: 70KB