JaffaCakes118_70b34fd39a8536035490ba2000aba26d8a4bf416275a8091a962770477026f3d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_70b34fd39a8536035490ba2000aba26d8a4bf416275a8091a962770477026f3d
Size

5.0MB
MD5

176d3f4f148b323076261ff3e25ffcdd
SHA1

de96a1eca638bf3aa0ef95b93e0c6617b28bec4e
SHA256

70b34fd39a8536035490ba2000aba26d8a4bf416275a8091a962770477026f3d
SHA512

6a47edf54a98f911e0b148c510166f7fa84a2833469e6c0edc8b2f79a767f08ca02c543da9da808ea9e41c26b3365656722e94ff6f40663b4088e5f63013e09c
SSDEEP

98304:gr69xeRSKie9LMxs5yTgt0gf/bFOAjwhDiJkLU:gTQKiSzUqv7F70iP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/filedata

Files

JaffaCakes118_70b34fd39a8536035490ba2000aba26d8a4bf416275a8091a962770477026f3d
.rar .zip polyglot
Trator/423F082B5B9913C8EB66528CBFE03E70-P-EXE.zip
.zip
filedata
.exe windows:5 windows x64 arch:x64

2f59e7527b47cab51794e7dcd5705c87

Code Sign

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41
Certificate

Issuer

CN=dreamsoftware.jp

Not Before

11-02-2021 20:09

Not After

31-12-2039 23:59

Subject

CN=dreamsoftware.jp

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:a5:11:2b:d8:44:75:5d:07:71:eb:7d:48:f7:f6:bc:9b:93:89:5e
Signer

Actual PE Digest

03:a5:11:2b:d8:44:75:5d:07:71:eb:7d:48:f7:f6:bc:9b:93:89:5e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\installer.pdb

Imports

kernel32

Sleep
FindClose
FindFirstFileA
TerminateProcess
SwitchToThread
CreateThread
ExitThread
FreeConsole
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentProcessId
VirtualFree
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
MapViewOfFile
GetTickCount
WaitForSingleObject
GetLastError
GetProcAddress
SetEnvironmentVariableW
GetCurrentProcess
CloseHandle
ReadFile
CreateFileW
WriteFile
ExitProcess
LocalFree
LocalAlloc
SetStdHandle
SetFilePointerEx
WriteConsoleW
LCMapStringW
GetCommandLineA
GetCurrentThreadId
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
LoadLibraryExW
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize

user32

EnumWindows
ShowWindow
wsprintfW
wsprintfA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1021KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

COMP
Size: 929KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
metadata
Trator/70DCF3700E84AAC402567E50097A2B90-SDNS.zip
.zip
filedata
.exe windows:5 windows x64 arch:x64

a73942e381a32895bb7b78be9ac9ae85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Build\x64\Debug\lm.pdb

Imports

kernel32

LocalAlloc
GetLastError
GetFileSize
WriteFile
ReadFile
CloseHandle
CreateFileA
GetProcAddress
LocalFree
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetModuleFileNameA
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleExW
RtlUnwindEx
RaiseException
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetCurrentThread
GetCurrentThreadId
ExitProcess
AreFileApisANSI
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
HeapSize
HeapValidate
GetSystemInfo
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
FatalAppExitA
SetConsoleCtrlHandler
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
OutputDebugStringA
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapFree
VirtualQuery
FreeLibrary
HeapReAlloc
HeapQueryInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
RtlPcToFileHeader
CreateFileW

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
metadata
Trator/D921D26CEBC3BEDAD6419EF4298CD3E1-PD-EXE.zip
.zip
filedata
.exe windows:5 windows x64 arch:x64

c2be5037d6bb6109828f149ac8442eb5

Code Sign

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41
Certificate

Issuer

CN=dreamsoftware.jp

Not Before

11-02-2021 20:09

Not After

31-12-2039 23:59

Subject

CN=dreamsoftware.jp

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:c2:da:90:cc:2c:64:49:4b:33:9b:0f:f9:af:b9:1b:88:6b:dd:c1
Signer

Actual PE Digest

1a:c2:da:90:cc:2c:64:49:4b:33:9b:0f:f9:af:b9:1b:88:6b:dd:c1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

X:\_Aleph\src\x64\Debug\client_loader.pdb

Imports

kernel32

GetCurrentProcessId
TerminateProcess
Sleep
SetFilePointer
FindClose
LoadLibraryA
FindFirstFileA
VirtualFree
ReleaseMutex
FlushFileBuffers
GetLocalTime
lstrlenA
SwitchToThread
CreateThread
ExitThread
FreeConsole
GetConsoleMode
GetConsoleCP
LCMapStringW
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
MapViewOfFile
GetTickCount
WaitForSingleObject
GetLastError
GetProcAddress
CreateFileW
OutputDebugStringW
SetEnvironmentVariableW
GetCurrentProcess
OutputDebugStringA
CloseHandle
ReadFile
WriteFile
ExitProcess
LocalFree
LocalAlloc
SetStdHandle
SetFilePointerEx
WriteConsoleW
HeapSize
GetCommandLineA
GetCurrentThreadId
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
LoadLibraryExW
HeapAlloc
HeapReAlloc
GetStringTypeW

user32

EnumWindows
ShowWindow
MessageBoxA
wsprintfW
wsprintfA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

COMP
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
metadata

Sharing

General

Malware Config

Signatures

Files

2f59e7527b47cab51794e7dcd5705c87

Code Sign

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

03:a5:11:2b:d8:44:75:5d:07:71:eb:7d:48:f7:f6:bc:9b:93:89:5eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 1021KB - Virtual size: 1.0MB

.pdata Size: 3KB - Virtual size: 3KB

COMP Size: 929KB - Virtual size: 928KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 1KB - Virtual size: 1KB

a73942e381a32895bb7b78be9ac9ae85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 467KB - Virtual size: 466KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 12KB - Virtual size: 21KB

.pdata Size: 15KB - Virtual size: 14KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 136KB - Virtual size: 140KB

c2be5037d6bb6109828f149ac8442eb5

Code Sign

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

1a:c2:da:90:cc:2c:64:49:4b:33:9b:0f:f9:af:b9:1b:88:6b:dd:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 3KB - Virtual size: 3KB

COMP Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 1KB - Virtual size: 1KB

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

03:a5:11:2b:d8:44:75:5d:07:71:eb:7d:48:f7:f6:bc:9b:93:89:5e
Signer

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 1021KB - Virtual size: 1.0MB

.pdata
Size: 3KB - Virtual size: 3KB

COMP
Size: 929KB - Virtual size: 928KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 467KB - Virtual size: 466KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 12KB - Virtual size: 21KB

.pdata
Size: 15KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 136KB - Virtual size: 140KB

08:bb:e4:6d:56:37:57:bc:43:ba:4e:e8:3e:02:b3:41
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

1a:c2:da:90:cc:2c:64:49:4b:33:9b:0f:f9:af:b9:1b:88:6b:dd:c1
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 3KB - Virtual size: 3KB

COMP
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 1KB - Virtual size: 1KB