JaffaCakes118_7693adaa3901562ffbe312e00a67b5ac

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7693adaa3901562ffbe312e00a67b5ac
Size

4.7MB
MD5

7693adaa3901562ffbe312e00a67b5ac
SHA1

dc50bbe9c88294e57498af321963d5808e86c9e6
SHA256

1221a6e6cb951b0ceaa80c93481ad15bb42581cf622996d137774ca3674d3220
SHA512

e4fe2264953c48c323a303cc921ee60bed5471659e4207d382d71147103942066edcd2e3c47b47e3e5563df65e4a04a32ccd43ad514bbf10230738e99150ad2f
SSDEEP

98304:LLV/SvvjizRFGfgNKhUqrcHCjNQiI8x1/Bw1qIR/z25Jmri:1/GjRoN+UqkiQiI8//Bw1lR/65Iri

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_7693adaa3901562ffbe312e00a67b5ac
.exe windows:6 windows x86 arch:x86

908bea7ee71339f1c35ba419da3ba679

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-10-2019 00:00

Not After

18-10-2022 12:00

Subject

CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:a5:f7:c3:0a:50:9c:a4:bd:14:aa:0e:cf:11:e0:fd:9e:c9:e0:d2:b4:3f:97:19:86:00:42:ac:4f:95:ba:e6
Signer

Actual PE Digest

ea:a5:f7:c3:0a:50:9c:a4:bd:14:aa:0e:cf:11:e0:fd:9e:c9:e0:d2:b4:3f:97:19:86:00:42:ac:4f:95:ba:e6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bqb2b41
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bqb2b41
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908bea7ee71339f1c35ba419da3ba679

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ea:a5:f7:c3:0a:50:9c:a4:bd:14:aa:0e:cf:11:e0:fd:9e:c9:e0:d2:b4:3f:97:19:86:00:42:ac:4f:95:ba:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.JqjbwEJ Size: 3KB - Virtual size: 3KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 7KB

.bqb2b41 Size: 2.5MB - Virtual size: 2.5MB

.bqb2b41 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 16KB - Virtual size: 15KB

.rsrc Size: 166KB - Virtual size: 166KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ea:a5:f7:c3:0a:50:9c:a4:bd:14:aa:0e:cf:11:e0:fd:9e:c9:e0:d2:b4:3f:97:19:86:00:42:ac:4f:95:ba:e6
Signer

.text
Size: 136KB - Virtual size: 135KB

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 7KB

.bqb2b41
Size: 2.5MB - Virtual size: 2.5MB

.bqb2b41
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 166KB - Virtual size: 166KB