ec54785c00f4210165b6f7e20970c6f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec54785c00f4210165b6f7e20970c6f0_JaffaCakes118
Size

284KB
MD5

ec54785c00f4210165b6f7e20970c6f0
SHA1

06638617fbb486ba64181afe66e51b0c5f89a607
SHA256

0d083991087feeab2e800cf24590f193d856b3aa8d1f67c08ae015aa7b36fcd6
SHA512

490427ed799a497858fa133d70b1304bbb6ce136c438b2c1a0afa11a8565e4b4d6a85e028e67cb46f40bd99ea24d3d83a26b6c9ba8ea8d955a2927488cd5441a
SSDEEP

6144:6pHJwZwBqA0kef6upNy33cAkRloMG+usfo2e0DNZVY9lOCN:61+ZChW5nKqRloMMCo2NVY90CN

Score

1^/10

Malware Config

Signatures

Files

ec54785c00f4210165b6f7e20970c6f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3d47d53a7276257e174fbcf6caa958b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b0:2a:97:67:c5:b6:73:8e:3a:e3:00:91:65:f4:76:b4:76:67:5d
Signer

Actual PE Digest

03:b0:2a:97:67:c5:b6:73:8e:3a:e3:00:91:65:f4:76:b4:76:67:5d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
DuplicateHandle
GetEnvironmentStringsW
SearchPathA
GetProcAddress
FlushFileBuffers
SetLastError
CreateMailslotA

user32

CheckDlgButton
CreateDialogParamA
CharLowerW
CopyImage
GetMenuItemInfoW
CharUpperA
GetActiveWindow
SetDlgItemTextW
DeleteMenu
ClientToScreen
UpdateLayeredWindow
DefWindowProcW
InsertMenuItemW
InvalidateRgn
LoadBitmapW
CharPrevA
MonitorFromWindow
GetDC
OffsetRect
GetDlgItem
RegisterWindowMessageW
BringWindowToTop
CheckMenuRadioItem
CheckMenuItem
DrawTextA
RegisterClassA
CharUpperW
CreateWindowExW
LoadIconA
AnimateWindow
IsIconic
EnumDesktopWindows
SetWindowPos
CharNextW
EnumClipboardFormats
CharLowerA
CreateCaret
DialogBoxParamW
SetMenu
SetCapture
CopyIcon
GetCursorPos
GetWindowLongW
ArrangeIconicWindows
MessageBoxW
IsDlgButtonChecked
UpdateWindow
CharNextA
IsMenu
DefFrameProcA

gdi32

GetGraphicsMode
GetEnhMetaFilePaletteEntries
PolyDraw
GetEnhMetaFileBits
Pie
GetKerningPairsA
GetMetaFileW
ArcTo
GetMetaFileBitsEx
GetCharABCWidthsA

advapi32

RegCreateKeyExA
RegQueryValueW
RegEnumValueA
RegOpenKeyExW
RegDeleteValueW
RegReplaceKeyA
RegReplaceKeyW

shell32

ExtractIconExA
SHGetDesktopFolder
StrRStrIW
SHCreateDirectoryExA
StrCmpNIW
SHGetDataFromIDListA
StrRStrIA
StrCmpNW

opengl32

glLightiv
glColor3sv
glMultMatrixf
wglUseFontOutlinesA
glPopAttrib
glTexCoord2sv
GlmfBeginGlsBlock
glScalef
glColor4i

ws2_32

recvfrom
inet_ntoa
WSADuplicateSocketA
getservbyport
getservbyname

winspool.drv

DeletePrinter
OpenPrinterA

wsock32

GetAddressByNameW
ntohl
SetServiceW
getservbyname
socket
GetNameByTypeW
WSAAsyncGetServByPort
AcceptEx
select
WSAAsyncGetServByName
WSAStartup

crypt32

CertFindSubjectInSortedCTL
CertFindChainInStore
CryptGetAsyncParam
CertSerializeCRLStoreElement
I_CryptSetTls
CryptEncodeObject
CryptMsgDuplicate
RegSetValueExU
CryptFreeOIDFunctionAddress
CertDeleteCRLFromStore
I_CryptReleaseLruEntry
CryptSIPRetrieveSubjectGuid
CryptHashToBeSigned
CryptHashMessage
CertDuplicateCertificateContext

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.URMkF
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zJXOMC
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xGw
Size: 2KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Q
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Pu
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FU
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPSD
Size: 2KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.agwcuf
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lj
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yhy
Size: 1KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3d47d53a7276257e174fbcf6caa958b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

03:b0:2a:97:67:c5:b6:73:8e:3a:e3:00:91:65:f4:76:b4:76:67:5dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

ws2_32

winspool.drv

wsock32

crypt32

Sections

.text Size: 13KB - Virtual size: 12KB

.URMkF Size: 512B - Virtual size: 4KB

.zJXOMC Size: 1024B - Virtual size: 21KB

.xGw Size: 2KB - Virtual size: 572B

.Q Size: 4KB - Virtual size: 19KB

.Pu Size: 1KB - Virtual size: 16KB

.FU Size: 1024B - Virtual size: 35KB

.UPSD Size: 2KB - Virtual size: 38KB

.agwcuf Size: 1024B - Virtual size: 24KB

.data Size: 16KB - Virtual size: 16KB

.lj Size: 1KB - Virtual size: 4KB

.yhy Size: 1KB - Virtual size: 255KB

.rsrc Size: 229KB - Virtual size: 229KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

03:b0:2a:97:67:c5:b6:73:8e:3a:e3:00:91:65:f4:76:b4:76:67:5d
Signer

.text
Size: 13KB - Virtual size: 12KB

.URMkF
Size: 512B - Virtual size: 4KB

.zJXOMC
Size: 1024B - Virtual size: 21KB

.xGw
Size: 2KB - Virtual size: 572B

.Q
Size: 4KB - Virtual size: 19KB

.Pu
Size: 1KB - Virtual size: 16KB

.FU
Size: 1024B - Virtual size: 35KB

.UPSD
Size: 2KB - Virtual size: 38KB

.agwcuf
Size: 1024B - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 16KB

.lj
Size: 1KB - Virtual size: 4KB

.yhy
Size: 1KB - Virtual size: 255KB

.rsrc
Size: 229KB - Virtual size: 229KB