JaffaCakes118_fbb346ad0acdc9e1926d5326f5738be955818e4ec19217e0de357ba3930731ed

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_fbb346ad0acdc9e1926d5326f5738be955818e4ec19217e0de357ba3930731ed
Size

182KB
MD5

e1ecd73648bbd289139e6b18e0e5b3a9
SHA1

a580daf892dfe73be5657913b3c51710c4edad86
SHA256

fbb346ad0acdc9e1926d5326f5738be955818e4ec19217e0de357ba3930731ed
SHA512

c99b653a6dbe66de9e44c0b5db963a397a61008ffb676e9a37953699f36c148c132842fce925295ec2532e4015878f3d87d479fd30fa38039d95456f03d22651
SSDEEP

3072:+9/PBOZzEdyhBrq4hsIfjTUdZyADcj8w2PnmAjD1kOiXCbZ350pmeLH3t:C3BOZzEdIBO4JfXUdkr8OAf1kOiyVJed

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_fbb346ad0acdc9e1926d5326f5738be955818e4ec19217e0de357ba3930731ed
.zip

Password: infected
b218ea35335833ba6dab543183314754db42bace4e62cf5950447c743b0ea4f6
.exe windows:5 windows x86 arch:x86

fe2e6a74088fb78e7a42cba0b5ad1259

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:55

Not After

19-01-2027 11:55

Subject

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:60:c9:24:4e:78:45:86:62:d6:d6:bf:9b:48:e3:0d
Certificate

Issuer

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11-02-2021 14:22

Not After

11-02-2022 14:22

Subject

SERIALNUMBER=07708361,CN=Application Delivery Solutions Ltd,OU=Tech Department,O=Application Delivery Solutions Ltd,POSTALCODE=E16 3DJ,STREET=11 Cundy Road,L=London,ST=Greater London,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13064c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.2=#130e47726561746572204c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72
Signer

Actual PE Digest

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
CreateTimerQueue
RemoveVectoredExceptionHandler
EnumDateFormatsExW
MoveFileExA
SetEndOfFile
FindResourceExW
LoadResource
SystemTimeToTzSpecificLocalTime
HeapAlloc
MapViewOfFileEx
InterlockedDecrement
GetModuleHandleExW
ReadConsoleOutputA
GetSystemTimes
HeapDestroy
GetExitCodeProcess
Beep
GetTimeZoneInformation
ExitThread
GlobalUnfix
GetLastError
HeapSize
GetAtomNameA
OpenWaitableTimerW
LocalAlloc
SetConsoleCursorInfo
GetModuleHandleA
lstrcatW
EraseTape
VirtualProtect
CompareStringA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineW
RaiseException
RtlUnwind
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
HeapValidate
GetSystemInfo
GetCurrentThreadId
GetProcessHeap
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapFree
HeapReAlloc
HeapQueryInformation
GetModuleFileNameA
LCMapStringW
GetStringTypeW
SetStdHandle
FlushFileBuffers
ReadFile
ReadConsoleW
CreateFileW
CloseHandle

Exports

Exports

Memories

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

fe2e6a74088fb78e7a42cba0b5ad1259

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3Certificate

Extended Key Usages

Key Usages

77:60:c9:24:4e:78:45:86:62:d6:d6:bf:9b:48:e3:0dCertificate

Extended Key Usages

Key Usages

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 12KB - Virtual size: 38.6MB

.rsrc Size: 31KB - Virtual size: 31KB

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

77:60:c9:24:4e:78:45:86:62:d6:d6:bf:9b:48:e3:0d
Certificate

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72
Signer

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 38.6MB

.rsrc
Size: 31KB - Virtual size: 31KB