JaffaCakes118_a8afa0d53599a0c834f211624bbed0bc

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a8afa0d53599a0c834f211624bbed0bc
Size

5.0MB
MD5

a8afa0d53599a0c834f211624bbed0bc
SHA1

a6763aec67da918d54144fdd5ff9d2de66e4574b
SHA256

aa1f78b6d224ca14e19ba9d0bff8381e360db52d27b10b3246889a387c4a3292
SHA512

41d3f1202e89440b188995116e5244a50e2046e35b91e933a3b0c10b1d771acc1d191fcd3cc315d2bc430c05ae24bbcfd41e539c043a9bf87cb9228f6bd23a39
SSDEEP

98304:lLXZ2+8B3LnehT9qZZjKmRhZTXibS/BXbh3iw/Wha2P3ODmux:i+Q3LObo7/Rh3t+3ODmU

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_a8afa0d53599a0c834f211624bbed0bc
.exe windows:6 windows x86 arch:x86

908bea7ee71339f1c35ba419da3ba679

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-10-2019 00:00

Not After

18-10-2022 12:00

Subject

CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:33:8f:8c:94:b6:14:09:58:79:56:0b:6e:aa:df:65:75:d0:66:68:29:47:b0:0b:49:91:26:a2:01:59:9c:92
Signer

Actual PE Digest

ea:33:8f:8c:94:b6:14:09:58:79:56:0b:6e:aa:df:65:75:d0:66:68:29:47:b0:0b:49:91:26:a2:01:59:9c:92

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908bea7ee71339f1c35ba419da3ba679

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ea:33:8f:8c:94:b6:14:09:58:79:56:0b:6e:aa:df:65:75:d0:66:68:29:47:b0:0b:49:91:26:a2:01:59:9c:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.JqjbwEJ Size: 3KB - Virtual size: 3KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 7KB

.JBQwnzq Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 16KB - Virtual size: 15KB

.rsrc Size: 292KB - Virtual size: 292KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ea:33:8f:8c:94:b6:14:09:58:79:56:0b:6e:aa:df:65:75:d0:66:68:29:47:b0:0b:49:91:26:a2:01:59:9c:92
Signer

.text
Size: 136KB - Virtual size: 135KB

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 7KB

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 292KB - Virtual size: 292KB